CompTIA CySA+ (CS0-003) — Question 385

An analyst reviews the following web server log entries:

%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/passwd

No attacks or malicious attempts have been discovered. Which of the following most likely describes what took place?

Answer options

• A. A SQL injection query took place to gather information from a sensitive file.
• B. A PHP injection was leveraged to ensure that the sensitive file could be accessed.
• C. Base64 was used to prevent the IPS from detecting the fully encoded string.
• D. Directory traversal was performed to obtain a sensitive file for further reconnaissance.

Correct answer: D

Explanation

The correct answer is D because the log entries indicate a directory traversal attempt to access the '/etc/passwd' file, which contains user account information. The other options are incorrect as they refer to different types of attacks that were not evidenced by the log entries provided.