Certified SOC Analyst (CSA) — Question 47

Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /\\w*((\%27)|(\’))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix.
What does this event log indicate?

Answer options

• A. SQL Injection Attack
• B. Parameter Tampering Attack
• C. XSS Attack
• D. Directory Traversal Attack

Correct answer: A

Explanation

The regex pattern indicates an SQL Injection Attack as it is designed to match input that could manipulate SQL queries. The other options do not correspond to this regex pattern, as Parameter Tampering focuses on altering parameters, XSS relates to injecting scripts, and Directory Traversal involves accessing restricted directories.