# SPLK-5001 — Question 606

**Type:** multiple_choice
**Topics:** topic_1

## Question

Upon investigating a report of a web server becoming unavailable, the security analyst finds that the web server’s access log has the same log entry millions of times:
147.186.119.200 - - [28/Jul/2023:12:04:13 -0300] "GET /login/ HTTP/1.0" 200 3733
What kind of attack is occurring?

## Correct Answer

_See scenario._

## Explanation

Selected Answer: A
A. Denial of Service Attack.

This suggests that the web server is being overwhelmed by repeated requests from a single source (the IP address 147.186.119.200), which can lead to the server becoming unavailable to legitimate users. If the attack were coming from multiple sources, it would be classified as a Distributed Denial of Service (DDoS) attack, but in this case, the log indicates a single source.

**Reference:** examtopics_top_comment

---
Source: https://hiexam.net/q/splunk/SPLK-5001/606  
Practice (tracked): https://hiexam.net/study/SPLK-5001/practice