CompTIA Security+ (SY0-701) — Question 308

A security analyst attempts to start a company's database server. When the server starts, the analyst receives an error message indicating the database server did not pass authentication. After reviewing and testing the system, the analyst receives confirmation that the server has been compromised and that attackers have redirected all outgoing database traffic to a server under their control. Which of the following MITRE ATT&CK techniques did the attacker most likely use to redirect database traffic?

Answer options

A. Browser extension
B. Process injection
C. Valid accounts
D. Escape to host

Correct answer: B

Explanation

The correct answer is B, Process injection, as this technique allows attackers to manipulate processes and redirect traffic without detection. Option A, Browser extension, typically affects web browsers and not database servers. Option C, Valid accounts, involves the use of legitimate credentials but does not specifically address traffic redirection. Option D, Escape to host, is not relevant to the scenario of database traffic manipulation.