hiexam
splunk · SPLK-5001 · Q606 · multiple_choice · topic_1

Upon investigating a report of a web server becoming unavailable, the security analyst finds that the web server’s access log has the same log entry millions of times:

    147.186.119.200 - - [28/Jul/2023:12:04:13 -0300] "GET /login/ HTTP/1.0" 200 3733

What kind of attack is occurring?
  • A. Denial of Service Attack
  • B. Distributed Denial of Service Attack
  • C. Cross-Site Scripting Attack
  • D. Database Injection Attack
Explanation
Selected Answer: A

A. Denial of Service Attack. This suggests that the web server is being overwhelmed by repeated requests from a single source (the IP address 147.186.119.200), which can lead to the server becoming unavailable to legitimate users. If the attack were coming from multiple sources, it would be classified as a Distributed Denial of Service (DDoS) attack, but in this case, the log indicates a single source.

Reference: examtopics_top_comment
