nerdexam
Cisco

350-201(NEW-127Q) · Question #59

350-201(NEW-127Q) Question #59: Real Exam Question with Answer & Explanation

The correct answer is A. brute force attack, unauthorized access, data exfiltration, and website defacement. Option A correctly maps each clue to its attack phase in logical order: the flood of failed logins (clue 1) is a textbook brute force attack, which eventually yields a successful login (clue 3) - that's unauthorized access. Once inside, the attacker sends data to an unknown exter

Incident Response and Forensics

Question

A security analyst is examining network traffic patterns to determine the sequence of events during a cyber attack on an organization's web server. The analyst has collected the information:
  1. An unusually high number of failed login attempts were detected on the web server.
  2. A sudden increase in outbound traffic from the webserver to an unknown IP address was observed.
  3. A successful login from an unrecognized IP address occurred, followed by several file uploads.
  4. The organization's website was defaced with a politically motivated message. Based on this information, which description appropriately interprets the sequence of events during the attack?

Options

  • Abrute force attack, unauthorized access, data exfiltration, and website defacement
  • Bdata exfiltration, unauthorized access, brute force attack, and website defacement
  • Cunauthorized access, brute force attack, data exfiltration, and website defacement
  • Dwebsite defacement, data exfiltration, brute force attack, and unauthorized access

Explanation

Option A correctly maps each clue to its attack phase in logical order: the flood of failed logins (clue 1) is a textbook brute force attack, which eventually yields a successful login (clue 3) - that's unauthorized access. Once inside, the attacker sends data to an unknown external IP (clue 2), which is data exfiltration, and finally defaces the site (clue 4) as the visible end goal. Options B and D both place data exfiltration before unauthorized access, which is impossible - you cannot steal data from a system you haven't yet breached. Option C reverses the first two phases, suggesting the attacker gained access before attempting the brute force, but the brute force is the mechanism that enabled access in the first place.

Memory tip: Remember the attacker's logical progression as "Try → Enter → Take → Vandalize" - brute force (trying passwords) → unauthorized access (getting in) → data exfiltration (taking data) → defacement (visible damage). Any answer that puts "take" before "enter" is automatically wrong.

Topics

#Brute Force Attacks#Incident Forensics#Network Traffic Analysis#Attack Sequencing

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 350-201(NEW-127Q) Practice