ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-601 All Questions

View all questions & answers for the SY0-601 exam
Go to Exam

Exam SY0-601 topic 1 question 505 discussion

Actual exam question from CompTIA's SY0-601
Question #: 505
Topic #: 1
[All SY0-601 Questions]

A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following:

• The manager of the accounts payable department is using the same password across multiple external websites and the corporate account.
• One of the websites the manager used recently experienced a data breach.
• The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.

Which of the following attacks has most likely been used to compromise the manager's corporate account?

  • A. Remote access Trojan
  • B. Brute-force
  • C. Dictionary
  • D. Credential stuffing
  • E. Password spraying
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by CastratedMonk at July 5, 2023, 9:58 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
CastratedMonk
Highly Voted 1 year, 11 months ago
Selected Answer: D
"Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords (often from a data breach), and then uses the credentials to gain unauthorized access to user accounts"
upvoted 13 times
...
memodrums
Highly Voted 1 year, 4 months ago
This is not on the exam objectives.
upvoted 6 times
...
MortG7
Most Recent 1 year, 5 months ago
D. Credential stuffing: Credential stuffing is an attack where previously leaked usernames and passwords from one site are used to gain unauthorized access to accounts on other sites. The recent data breach on one of the websites may have exposed the manager's credentials, which were then used to access the corporate account.
upvoted 3 times
...
Securityguy42
1 year, 5 months ago
Selected Answer: E
From: https://www.splunk.com/en_us/blog/learn/password-spraying.html "Password spraying and credential stuffing often go hand in hand. Both are brute-force attacks that aim to acquire unauthorized access to user accounts. Yet there is a difference between these two types of attacks. Credential stuffing involves using many username and password combinations obtained by attackers. In the meantime, password spraying attacks involve trying a single or a small number of commonly used passwords against many user accounts. As a general rule of thumb, we can say that password-spraying attacks are typically carried out against a specific target and thus can be more difficult to detect than credential stuffing. "
upvoted 1 times
...
david124
1 year, 5 months ago
Selected Answer: E
E. The manager's pass has been used on many different accounts. One of those accounts got compromised then the attacker took the pass they stole and "Sprayed" it across different accounts to see where it would work. Besides, I just checked and "Credential stuffing" isn't in the exam objective sheet nor is it anywhere in the book/study guide.
upvoted 5 times
Nemish71
1 year, 1 month ago
Password Spraying ▪ Brute force attack in which multiple user accounts are tested with a dictionary of common passwords While: Credential Stuffing ▪ Brute force attack in which stolen user account names and passwords are tested against multiple websites ▪ Credential stuffing can be prevented by not reusing passwords across different websites
upvoted 1 times
...
...
Malkhofash
1 year, 6 months ago
Credential stuffing
upvoted 1 times
...
Made100
1 year, 6 months ago
E the manager used the same passwords for different websites and username so the attack is password spraying. That was hard.
upvoted 2 times
...
Gamsje
1 year, 11 months ago
Selected Answer: D
A and D are possible. I choose D.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel