CompTIA Security+ (SY0-701) — Question 406

A security administrator observed the following in a web server log while investigating an incident:

"GET ../../../../etc/passwd"

Which of the following attacks did the security administrator most likely see?

Answer options

• A. Privilege escalation
• B. Credential replay
• C. Brute force
• D. Directory traversal

Correct answer: D

Explanation

The entry in the log indicates an attempt to access the /etc/passwd file, which is a common target in directory traversal attacks. This type of attack seeks to navigate through the file system by exploiting insufficient input validation. The other options, such as privilege escalation, credential replay, and brute force, do not directly relate to the observed log entry.