Question 586 of 730 from exam SY0-601: CompTIA Security+

Question

A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM.

The analyst first looks at the domain controller and finds the following events:

Keywords | Date and time | Source | Event ID
Kerberos pre-authentication failed. | 12/26/2019 11:37:21 PM | Microsoft Windows security auditing | 4772
Kerberos pre-authentication failed. | 12/26/2019 11:37:21 PM | Microsoft Windows security auditing | 4772
Kerberos pre-authentication failed. | 12/26/2019 11:37:22 PM | Microsoft Windows security auditing | 4772

To better understand what is going on, the analyst runs a command and receives the following output:

name | lastbadpasswordattempt | badpwdcount
John.Smith | 12/26/2019 11:37:21 PM | 7
Joe.Jones | 12/26/2019 11:37:21 PM | 13
Michael.Johnson | 12/26/2019 11:37:22 PM | A
Mary.Wilson | 12/26/2019 11:37:22 PM | a
Jane.Brown | 12/26/2019 11:37:23 PM | 12

Based on the analyst's findings, which of the following attacks is being executed?

A. Credential harvesting

B. Keylogger

C. Brute-force

D. Spraying.

D.

Explanations

D.