CompTIA CySA+ (CS0-003) — Question 318

An analyst reviews the following web server log entries:

%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/passwd

No attacks or malicious attempts have been discovered. Which of the following most likely describes what took place?

Answer options

• A. A SQL injection query took place to gather information from a sensitive file.
• B. A PHP injection was leveraged to ensure that the sensitive file could be accessed.
• C. Base64 was used to prevent the IPS from detecting the fully encoded string.
• D. Directory traversal was performed to obtain a sensitive file for further reconnaissance.

Correct answer: D

Explanation

The correct answer is D because the encoded string indicates an attempt at directory traversal, which aims to access the '/etc/passwd' file. Options A and B imply different types of attacks that are not evident from the log entries, while option C does not accurately describe the nature of the encoded string present in the logs.