Eccouncil Exam 312-39 Topic 8 Question 85 Discussion

Actual exam question for Eccouncil's 312-39 exam

Question #: 85
Topic #: 8

John, a SOC analyst, while monitoring and analyzing Apache web server logs, identified an event log matching Regex /(\.|(%|%25)2E)(\.|(%|%25)2E)(\/|(%|%25)2F|\\|(%|%25)5C)/i.

What does this event log indicate?

AXSS Attack

BSQL injection Attack

CDirectory Traversal Attack

DParameter Tampering Attack

Show Suggested Answer

Suggested Answer: B

by Beckie at Jul 02, 2024, 02:05 AM

Limited Time Offer

25%

Off

Get Premium 312-39 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Edward

1 months ago

Definitely going with C on this one. The regex pattern is a dead giveaway for a directory traversal attempt. Better lock down those web server logs, John!

upvoted 0 times

Catina

9 days ago

I agree, C seems like the most likely option. Directory traversal attacks are quite common.

upvoted 0 times

...

Dannette

1 months ago

Haha, I bet John was scratching his head trying to figure this one out. Directory traversal attacks can be tricky to spot sometimes.

upvoted 0 times

...

Cristal

1 months ago

I'm not sure, but I think this could also be a parameter tampering attack. The regex pattern seems to be looking for malicious input in the URL parameters.

upvoted 0 times

...

Azalee

2 months ago

This looks like a classic directory traversal attack to me. The regex pattern searches for suspicious directory traversal patterns, so C is the correct answer.

upvoted 0 times