200-201 Question #531: Real Exam Question with Answer & Explanation

Question

Refer to the exhibit. A security analyst examines Apache web server logs and notices the entries. Which security concern is occurring?

Options

• ASomeone is attempting to exploit a vulnerability in XMLRPC functionality
• BAn attacker potentially gained shell access to the web server
• CThe web server is experiencing a denial-of-service attack
• DA brute-force attack is being attempted against common administrative login pages

Explanation

The Apache web server logs show entries indicative of attempts to exploit a vulnerability specifically targeting the XML-RPC functionality.

Common mistakes.

• B. While a successful exploit could lead to shell access, the log entries themselves would primarily show the exploit attempt against XML-RPC, not direct evidence of shell access unless specific command execution is logged.
• C. A denial-of-service attack typically involves an overwhelming volume of requests aimed at resource exhaustion, not specific, targeted requests to a niche functionality like XML-RPC for exploitation.
• D. Brute-force attacks against administrative login pages would show numerous failed login attempts against common login paths (e.g., /admin, /wp-login.php), not requests specifically targeting XML-RPC endpoints.

Concept tested. Identifying web server log anomalies for XML-RPC exploits

No community discussion yet for this question.