Certified SOC Analyst (CSA) — Question 71

Jane, a security analyst, while analyzing IDS logs, detected an event matching Regex /((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/|.
What does this event log indicate?

Answer options

• A. Directory Traversal Attack
• B. Parameter Tampering Attack
• C. XSS Attack
• D. SQL Injection Attack

Correct answer: C

Explanation

The correct answer is C, as the regex pattern indicates an attempt to inject JavaScript or HTML code, which is characteristic of a Cross-Site Scripting (XSS) attack. The other options do not fit the regex structure, as Directory Traversal Attack relates to file system access, Parameter Tampering Attack pertains to modifying parameters in web applications, and SQL Injection Attack targets database queries.