Certified SOC Analyst (CSA) — Question 17

John, a SOC analyst, while monitoring and analyzing Apache web server logs, identified an event log matching Regex /(\.|(%|%25)2E)(\.|(%|%25)2E)(\/|(%|%25)2F|\\|(%|%25)5C)/i.
What does this event log indicate?

Answer options

Correct answer: C

Explanation

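The regex matches two consecutive dots followed by a path separator, that is, the ../ or ..\ sequence, with each character written either literally or URL-encoded (%2E for the dot, %2F for the slash, %5C for the backslash), including the double-encoded forms in which the % is itself encoded as %25. A request containing this sequence is an attempt to access directories outside the intended path, which is characteristic of a Directory Traversal Attack. The other options, such as XSS and SQL injection, involve different types of payloads and attack vectors, which do not align with the log pattern observed.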