Splunk Observability Cloud Certified Metrics User — Question 68
An analyst is looking at Web Server logs, and sees the following entry as the last web request that a server processed before unexpectedly shutting down:
147.186.119.107 - - [28/Jul/2006:10:27:10 -0300] "POST /cgi-bin/shutdown/ HTTP/1.0" 200 3333
What kind of attack is most likely occurring?
Answer options
- A. Distributed denial of service attack.
- B. Denial of service attack.
- C. Database injection attack.
- D. Cross-Site scripting attack.
Correct answer: B
Explanation
The correct answer is B, as the log entry indicates a direct request to shutdown the server, which is characteristic of a Denial of Service attack, aimed at making services unavailable. Options A, C, and D do not fit this scenario; A refers to multiple sources attacking concurrently, C involves manipulating database queries, and D is related to script execution on the client side.