ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-601 All Questions

View all questions & answers for the SY0-601 exam
Go to Exam

Exam SY0-601 topic 1 question 338 discussion

Actual exam question from CompTIA's SY0-601
Question #: 338
Topic #: 1
[All SY0-601 Questions]

A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:



Which of the following can the security analyst conclude?

  • A. A replay attack is being conducted against the application.
  • B. An injection attack is being conducted against a user authentication system.
  • C. A service account password may have been changed, resulting in continuous failed logins within the application.
  • D. A credentialed vulnerability scanner attack is testing several CVEs against the application.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by pmmg at Feb. 6, 2023, 9:17 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
hsdj
Highly Voted 2 years, 3 months ago
Selected Answer: B
7=7 injection - I'll choose B
upvoted 17 times
...
MortG7
Most Recent 1 year, 6 months ago
As was noted by hsdj 7=7 is an injection attack. The result of 7=7 is true and the hope is that the db would agree based on that True boolean.
upvoted 2 times
...
A_N_C
1 year, 7 months ago
it is too much confusing, the answer is C in the same question 48...
upvoted 1 times
...
sujon_london
1 year, 8 months ago
The line "[03/06/20xx:17:20:18] system 127.0.0.1 findXPath=// User[Username/text()='foo' or 7=7 or 'o'='o' and Password/text='bar']" indicates a potential injection attack. The presence of the injected XPath query suggests an attempt to manipulate the authentication system by bypassing the username and password check. The nest log lines show that someone successfully logged in to the appadmin test account and attempted to perform an action (open.account) but failed. This behavior aligns with an injection attack against a user authentication system. Answer is B
upvoted 4 times
...
DriftandLuna
1 year, 9 months ago
Selected Answer: B
I'd be going with B, the injection attack can be seen on the 1st line. I am not sure what the fails are but they don't appear to be log in attempts.
upvoted 1 times
...
ronah
1 year, 11 months ago
Selected Answer: C
C. A service account password may have been changed, resulting in continuous failed logins within the application. The log shows multiple failed login attempts for the "appadmin" account with different account numbers (12345, 23456, 45678). This suggests that someone is attempting to access or open accounts using the appadmin account but is failing to do so. The repeated failed login attempts indicate that a password change might have occurred for the appadmin account, and the attacker is trying to guess the new password.
upvoted 1 times
ronah
1 year, 11 months ago
Both option B and option C can be valid conclusions based on the provided log. It is possible that an injection attack is being conducted against a user authentication system, as indicated by the presence of the XPath query in the log entry. Additionally, the log also suggests the possibility of a service account password change, resulting in continuous failed login attempts within the application. So, in this case, both option B ("An injection attack is being conducted against a user authentication system") and option C ("A service account password may have been changed, resulting in continuous failed logins within the application") can be considered as potential conclusions.
upvoted 1 times
...
...
fouserd
2 years ago
Selected Answer: B
B. An injection attack is being conducted against a user authentication system. The log shows that the appadmin test account was used to execute an XPath injection attack against the application's user authentication system. The attack string used in the XPath injection is designed to bypass authentication and grant access to the application. The subsequent failed attempts to open several accounts indicate that the attacker was attempting to perform unauthorized actions on those accounts.
upvoted 1 times
...
pmmg
2 years, 3 months ago
Selected Answer: C
Looks like C to me. The account had success, and then failed. The password changed.
upvoted 1 times
Ranaer
2 years, 3 months ago
The fails arent login attempts.
upvoted 2 times
seagnull
2 years, 2 months ago
what are the fails then?
upvoted 1 times
sujon_london
1 year, 8 months ago
The nest log lines show that someone successfully logged in to the appadmin test account and attempted to perform an action (open.account) but failed. This behavior aligns with an injection attack against a user authentication system
upvoted 2 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago