Certified SOC Analyst (CSA) — Question 1

Identify the attack in which an attacker, after several trial-and-error attempts, can read the contents of a password file in the restricted etc folder just by manipulating the URL in the browser, as shown: http://www.terabytes.com/process.php./../../../../etc/passwd

Answer options

Correct answer: A

Explanation

The correct answer is A, Directory Traversal Attack, because this type of attack allows the attacker to navigate through the file system by manipulating the file path in the URL. The other options do not pertain to accessing file system contents through URL manipulation; SQL Injection involves database queries, Denial-of-Service targets service availability, and Form Tampering alters form data.