ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 157 - SY0-701 discussion

Report
Export

A security analyst receives a SIEM alert that someone logged in to the app admin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:

Which of the following can the security analyst conclude?

A.
A replay attack is being conducted against the application.
Answers
A.
A replay attack is being conducted against the application.
B.
An injection attack is being conducted against a user authentication system.
Answers
B.
An injection attack is being conducted against a user authentication system.
C.
A service account password may have been changed, resulting in continuous failed logins within the application.
Answers
C.
A service account password may have been changed, resulting in continuous failed logins within the application.
D.
A credentialed vulnerability scanner attack is testing several CVEs against the application.
Answers
D.
A credentialed vulnerability scanner attack is testing several CVEs against the application.
Suggested answer: A

Explanation:

A replay attack is a type of network attack where an attacker captures and retransmits a valid data transmission, such as a login request, to gain unauthorized access or impersonate a legitimate user.

In this case, the attacker may have captured the credentials of the app admin test account and used them to log in to the application. The application log shows multiple failed login attempts from different IP addresses, which indicates a replay attack.

asked 02/10/2024
Daniel Ramirez
46 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first