New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GAQM CPEH-001 Exam - Topic 4 Question 10 Discussion

Actual exam question for GAQM's CPEH-001 exam
Question #: 10
Topic #: 4
[All CPEH-001 Questions]

Exhibit:

Given the following extract from the snort log on a honeypot, what do you infer from the attack?

Show Suggested Answer Hide Answer
Suggested Answer: D

The attacker submits a PASS to the honeypot and receives a login incorrect before disconnecting.


by Jaclyn at May 03, 2022, 11:59 PM

Limited Time Offer

25%

Off

Get Premium CPEH-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Adelina
4 months ago
I agree, the log suggests the exploit worked.
upvoted 0 times
...
Cherry
4 months ago
Wait, are we sure the exploit wasn't successful?
upvoted 0 times
...
Leonor
4 months ago
Definitely seems like the exploit was successful!
upvoted 0 times
...
Chaya
4 months ago
I think a new user id was created, not sure though.
upvoted 0 times
...
Amie
5 months ago
Looks like a new port was opened.
upvoted 0 times
...
Glen
5 months ago
I recall that if a new port was opened, it usually indicates a successful attack, so maybe option A is correct?
upvoted 0 times
...
Madelyn
5 months ago
I'm a bit confused; I feel like I need to analyze the log more closely to determine if the exploit was successful or not.
upvoted 0 times
...
Rosendo
5 months ago
I remember a practice question about successful exploits, and I think option C might be the right choice here.
upvoted 0 times
...
Daron
5 months ago
I think the log indicates that a new user ID was created, but I'm not entirely sure. It could also mean something else.
upvoted 0 times
...
Becky
5 months ago
I'm pretty confident that spl_object_hash is the way to go here. It's designed specifically for storing unique object references, so that should do the trick. I'll mark that one down as one of my answers.
upvoted 0 times
...
Evan
5 months ago
I'm not entirely sure which one to choose. Treatment three could be tempting because it maximizes profit, but it feels like it could mislead investors.
upvoted 0 times
...
Gracia
5 months ago
Okay, let's see. If the mouse is broken, it sounds like the admin is using a remote access tool. I'm leaning towards RDP or SSH, but I'll double-check the details.
upvoted 0 times
...

Save Cancel