Eccouncil Exam 312-39 Topic 8 Question 85 Discussion

Actual exam question for Eccouncil's 312-39 exam

Question #: 85
Topic #: 8

John, a SOC analyst, while monitoring and analyzing Apache web server logs, identified an event log matching Regex /(\.|(%|%25)2E)(\.|(%|%25)2E)(\/|(%|%25)2F|\\|(%|%25)5C)/i.

What does this event log indicate?

AXSS Attack

BSQL injection Attack

CDirectory Traversal Attack

DParameter Tampering Attack

Show Suggested Answer

Suggested Answer: B

by Beckie at Jul 02, 2024, 02:05 AM

Limited Time Offer

25%

Off

Get Premium 312-39 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Edward

3 months ago

Definitely going with C on this one. The regex pattern is a dead giveaway for a directory traversal attempt. Better lock down those web server logs, John!

upvoted 0 times

Micaela

30 days ago

John's vigilance in monitoring the logs is crucial in detecting and preventing potential security threats.

upvoted 0 times

...

Christiane

1 months ago

We definitely need to tighten the security on our Apache web server to prevent these types of attacks.

upvoted 0 times

...

Willard

1 months ago

Yeah, that regex pattern is a clear indicator of a directory traversal attack. Good catch by John.

upvoted 0 times

...

Catina

2 months ago

I agree, C seems like the most likely option. Directory traversal attacks are quite common.

upvoted 0 times

...

Dannette

3 months ago

Haha, I bet John was scratching his head trying to figure this one out. Directory traversal attacks can be tricky to spot sometimes.

upvoted 0 times

...

Cristal

3 months ago

I'm not sure, but I think this could also be a parameter tampering attack. The regex pattern seems to be looking for malicious input in the URL parameters.

upvoted 0 times

...

Azalee

3 months ago

This looks like a classic directory traversal attack to me. The regex pattern searches for suspicious directory traversal patterns, so C is the correct answer.

upvoted 0 times