Splunk Observability Cloud Certified Metrics User — Question 7
Upon investigating a report of a web server becoming unavailable, the security analyst finds that the web server’s access log has the same log entry millions of times:
147.186.119.200 - - [28/Jul/2023:12:04:13 -0300] "GET /login/ HTTP/1.0" 200 3733
What kind of attack is occurring?
Answer options
- A. Denial of Service Attack
- B. Distributed Denial of Service Attack
- C. Cross-Site Scripting Attack
- D. Database Injection Attack
Correct answer: A
Explanation
The correct answer is A: the same access log entry repeated millions of times indicates that the server is being overwhelmed by requests, which is characteristic of a Denial of Service Attack. Option B describes multiple systems attacking, which is not evident here, because every entry carries the same source address (147.186.119.200). Options C and D refer to attacks that target vulnerabilities in web applications, not server availability.