CompTIA Security+ (SY0-501) — Question 556
An attacker is able to capture the payload for the following packets:
IP 192.168.1.22:2020 10.10.10.5:443
IP 192.168.1.10:1030 10.10.10.1:21
IP 192.168.1.57:5217 10.10.10.1:3389
During an investigation, an analyst discovers that the attacker was able to capture the information above and use it to log on to other servers across the company.
Which of the following is the MOST likely reason?
Answer options
- A. The attacker has exploited a vulnerability that is commonly associated with TLS1.3.
- B. The application server is also running a web server that has been compromised.
- C. The attacker is picking off unencrypted credentials and using those to log in to the secure server.
- D. User accounts have been improperly configured to allow single sign-on across multiple servers.
Correct answer: C
Explanation
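The correct answer is C because the attacker most likely captured unencrypted credentials in transit and then used them to log in to the secure servers. Of the three captured sessions, the one to 10.10.10.1:21 uses the default FTP control port, and FTP sends usernames and passwords in cleartext; ports 443 (HTTPS) and 3389 (RDP) normally carry encrypted traffic. Options A and B describe vulnerabilities or compromises that do not directly relate to the interception of credentials. Option D describes a configuration issue but does not explain how the attacker gained access through intercepted information.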