CompTIA Security+ (SY0-601) — Question 854

A security analyst is performing a forensic investigation involving compromised account credentials. Using the Event Viewer, the analyst was able to detect the following message: "Special privileges assigned to new logon." Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?

Answer options

Correct answer: A

Explanation

The correct answer is A, pass-the-hash. This attack allows an attacker to authenticate without needing the actual password, which leads to special privileges being assigned without a valid logon for the user. The other options (buffer overflow, cross-site scripting, and session replay) do not directly relate to the assignment of privileges in the absence of legitimate logon credentials.