CompTIA Security+ (SY0-601) — Question 687

A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts to a functional user ID have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior?

Answer options

• A. Rainbow table attack
• B. Password spraying
• C. Logic bomb
• D. Malware bot

Correct answer: B

Explanation

The correct answer is B, as password spraying involves attempting a few common passwords against many accounts to gain unauthorized access, which fits the scenario of multiple failed attempts on a valid user ID. Option A, a rainbow table attack, typically involves precomputed hashes and is not characterized by rapid failed login attempts. Options C and D do not accurately describe the behavior observed in this context.