CompTIA Security+ (SY0-601) — Question 447

A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:

http://comptia.org/../../../etc/passwd

Which of the following types of attacks is being attempted and how can it be mitigated?

Answer options

• A. XSS; implement a SIEM
• B. CSRF; implement an IPS
• C. Directory traversal; implement a WAF
• D. SQL injection; implement an IDS

Correct answer: C

Explanation

The log entry indicates a directory traversal attack, where an attacker attempts to access files outside the web root directory by using relative paths. Implementing a Web Application Firewall (WAF) can help block such attempts by filtering malicious requests. The other options mention different types of attacks and mitigations that are not relevant to the situation presented.