nerdexam
EC-Council

312-39 Question #6: Real Exam Question with Answer & Explanation

Question

Following a high-priority security incident, you, as an Incident Responder at a Cyber Incident Response firm, initiate an internal investigation after reports confirm a serious data breach in which sensitive customer data, including payment details and personal information, was stolen from a critical web server. You begin analyzing the server logs to reconstruct the attack timeline and identify how the attacker gained access. During your investigation, you discover suspicious activity in the logs, including repeated requests attempting to access files and directories outside of the web server's root directory. Some of these requests appear to be manipulating URL paths to navigate into restricted system files, a behavior that is often associated with web-based exploits. You suspect that a vulnerability in the web server was exploited to bypass security restrictions and access unauthorized directories, potentially exposing sensitive configurations and credentials. However, you still need to confirm the exact technique used. Which type of web application attack might have caused this incident?

Options

  • A. Cross-Site Scripting (XSS) Attacks
  • B. Directory Traversal
  • C. SQL Injection Attack
  • D. Session Attacks: Cookie Poisoning
