CompTIA Security+ (SY0-501) — Question 296
A penetration testing team deploys a specifically crafted payload to a web server, which results in opening a new session as the web server daemon. This session has full read/write access to the file system and the admin console. Which of the following BEST describes the attack?
Answer options
- A. Domain hijacking
- B. Injection
- C. Buffer overflow
- D. Privilege escalation
Correct answer: D
Explanation
The correct answer is D. Privilege escalation means gaining higher access rights than intended, which is what happens in this scenario: the new session runs as the web server daemon and has full read/write access to the file system and the admin console. Options A, B, and C do not accurately describe the situation. Domain hijacking refers to taking control of a domain, injection attacks involve inserting malicious code, and a buffer overflow pertains to exceeding the limits of a memory buffer; none of these align with the scenario presented.