ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-701 All Questions

View all questions & answers for the SY0-701 exam
Go to Exam

Exam SY0-701 topic 1 question 452 discussion

Actual exam question from CompTIA's SY0-701
Question #: 452
Topic #: 1
[All SY0-701 Questions]

While investigating a possible incident, a security analyst discovers the following:



Which of the following should the analyst do first?

  • A. Implement a WAF.
  • B. Disable the query.php script.
  • C. Block brute-force attempts on temporary users.
  • D. Check the users table for new accounts.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by chasingsummer at Nov. 20, 2024, 10:05 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
fmeox567
Highly Voted 7 months ago
Selected Answer: D
D. Check the users table for new accounts. Here's why: SQL injection can lead to unauthorized database access and modifications, such as creating new user accounts. By checking the users table for any suspicious or unauthorized accounts, the analyst can quickly identify if the attack succeeded and take immediate action to remove or disable those accounts.
upvoted 5 times
...
baguttebandit
Most Recent 1 month, 2 weeks ago
Selected Answer: D
Remember the 7 step process: preparation, detection, analysis, containment, eradication, recovery, lessons learned. The security analyst detected the issue in the question prompt, the next step is analyze (check if new user was created).
upvoted 1 times
...
chloechen
1 month, 3 weeks ago
Selected Answer: B
1.Attacks are being launched via query.php (apparent SQL Injection attempt) 2.The attack path should be blocked immediately to prevent data corruption or further infiltration. 3.Disabling the script immediately terminates the attack surface and is part of the "containment phase" of the incident response process.
upvoted 1 times
...
Fourgehan
6 months, 3 weeks ago
Selected Answer: D
D. Check the users table for new accounts. This step will provide immediate insight into whether the incident has led to unauthorized access or account creation, allowing for a more informed response to the situation
upvoted 4 times
...
BevMe
7 months, 1 week ago
Selected Answer: D
The second log entry shows a potential SQL injection attack where the request contains the string: sql Copy code 123 INSERT INTO users VALUES ('temp', 'pass123')# This suggests that the attacker is attempting to insert a new record into the "users" table by exploiting a vulnerability in the query.php script. The first step the security analyst should take is to check the users table for any new accounts that might have been created during the attack.
upvoted 1 times
...
chasingsummer
7 months, 1 week ago
Selected Answer: B
Best immediate action: disable the query.php script
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel