Exam SY0-701 topic 1 question 71 discussion

Actual exam question from CompTIA's SY0-701
Question #: 71
Topic #: 1

A security analyst reviews domain activity logs and notices the following:

Which of the following is the best explanation for what the security analyst has discovered?

  • A. The user jsmith’s account has been locked out.
  • B. A keylogger is installed on jsmith’s workstation.
  • C. An attacker is attempting to brute force jsmith’s account.
  • D. Ransomware has been deployed in the domain.
Suggested Answer: C

Comments

nyyankee718
Highly Voted 8 months, 3 weeks ago
Selected Answer: B
Can be B or C, but leaning B. Since they already have the password, it's not a brute force attack.
upvoted 7 times
a4e15bd
8 months, 1 week ago
I thought the same, but trying multiple MFA codes is also considered brute force.
upvoted 17 times
KSoLL
1 month, 1 week ago
Well, the best issue would be quarantining the keylogger still. If you only deal with the brute force problem, the issue will still be there since the keylogger is still on the device. You can fix the issue with brute force all you want but I will still know your password every time you log in.
upvoted 1 times
KSoLL
1 month, 1 week ago
"You can fix the issue with brute force all you want but the keylogger issue will still record the user's input, every time the user logs in." Sorry, fixing my grammar.
upvoted 1 times
dbrowndiver
Highly Voted 8 months ago
Selected Answer: C
The scenario perfectly matches a common security issue where attackers gain partial access through stolen credentials but are thwarted by MFA, which they try to bypass unsuccessfully. The repeated success in password authentication suggests that the attacker has access to jsmith's password, but the failure of MFA points to an attempt to guess or brute-force the MFA code.
upvoted 6 times
shootweb
Most Recent 1 week, 4 days ago
Selected Answer: C
C. It’s not B because you can brute-force anything. A brute-force attack relies on trial and error and isn’t limited to passwords—you can brute-force usernames, URLs, directories, parameters, MFA, etc. This could very well be a case of someone whose credentials (username and password) were leaked on the dark web, which also rules out B. The attacker knows the username and password but doesn’t have access to the MFA, so they are brute-forcing it.
upvoted 1 times
KSoLL
1 month, 1 week ago
Selected Answer: B
The answer is B. Why is it B? Because if it was brute force, the password authentication would have failed and not been successful. When brute force occurs, it means that the attacker is running a script to input different kinds of passwords until it hits the right one. In this case the attacker knew the password since the password authentication was successful for all four logins. And some say the failed MFA is brute force. Yes, that can be true, but the right answer would still be B since the keylogger was the main issue. If MFA wasn't in place the hacker would have access to the account.
upvoted 1 times
justin1995
1 month, 2 weeks ago
Selected Answer: B
There should be invalid passwords if brute force.
upvoted 1 times
Ashtom
1 month, 3 weeks ago
Selected Answer: B
In class we learned the best solution against keyloggers is MFA.
upvoted 1 times
vm_mscs
1 month, 4 weeks ago
Selected Answer: B
Someone without access to MFA successfully enters password. Password is known, how? I choose B.
upvoted 1 times
fufuuu
2 months, 2 weeks ago
Selected Answer: B
B. A keylogger is installed on jsmith’s workstation.
upvoted 1 times
Aces155
2 months, 3 weeks ago
Selected Answer: C
I think this is a poorly written question. A. If the user entered their MFA token incorrectly a bunch of times it's possible that the system locked them out so it’s not working. B. This could be how the threat actor obtained the user’s password. C. While foolish and a waste of time, attempting to guess the MFA code is essentially the same as trying to guess the user’s password, thus making it a brute force attack. Given the limited information we have I’m going with C.
upvoted 1 times
Aces155
2 months, 3 weeks ago
Actually, now that I've thought about it some more, given how unlikely and foolish it would be to try to brute force an MFA token, I think it's more likely jsmith has a keylogger installed on his device, so B.
upvoted 1 times
Coznet
2 months, 3 weeks ago
Selected Answer: B
B: Keylogger got the PW and is stuck on MFA. C is incorrect as MFA code changes every time so you can't brute force it. It would be possible to try the SAME code every time until you got lucky or got locked out but that ain't BF.
upvoted 2 times
MaxiPrince
3 months, 2 weeks ago
Selected Answer: C
An attacker is attempting to brute force jsmith’s account
upvoted 1 times
Damique
4 months, 1 week ago
Selected Answer: B
It is not a brute force attack since the hacker already has the password because of the keylogger.
upvoted 2 times
Greyhat
4 months, 1 week ago
The correct answer is A. The user jsmith’s account has been locked out. This is because the log shows multiple failed attempts with an “invalid code” error, which is typically a result of too many incorrect password attempts. This would trigger an account lockout policy to prevent brute-force attacks. Option B. There is no indication of a keylogger in the log. Keyloggers typically don’t trigger account lockouts. Option C. While this might be a possible scenario, the log doesn’t explicitly show a brute-force attack. The “invalid code” error suggests a lockout due to incorrect password attempts, not a brute force attack. Option D. There is no indication of ransomware in the log. Ransomware typically doesn’t trigger account lockouts.
upvoted 1 times
barracouto
6 months ago
Selected Answer: C
The log entries show multiple successful password authentications followed by multiple failed MFA (Multi-Factor Authentication) attempts due to invalid codes. This pattern suggests that the user’s password has been correctly entered multiple times, but the MFA codes are consistently failing. The best explanation for what the security analyst has discovered is: C. An attacker is attempting to brute force jsmith’s account. The repeated successful password authentications followed by failed MFA attempts indicate that an attacker may have obtained the user’s password and is now trying to bypass the second layer of security, the MFA, by attempting multiple invalid codes.
upvoted 4 times
Etc_Shadow28000
9 months, 3 weeks ago
Selected Answer: C
The log entries indicate that the user "jsmith" has successfully authenticated with a password but has repeatedly failed the Multi-Factor Authentication (MFA) step due to an invalid code. This pattern suggests that the correct password is known or has been compromised, but the attacker is unable to provide the correct MFA code. Given this information, the most likely explanation is: C. An attacker is attempting to brute force jsmith’s account. The repeated MFA failures suggest that someone other than the legitimate user is trying to gain access, potentially indicating a brute force attempt or another form of unauthorized access where the password is known, but the second factor of authentication is not.
upvoted 3 times
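As an added example (not part of the original thread or any commenter's code), the pattern described in the comments above, a successful password authentication repeatedly followed by an MFA failure with an invalid code, can be flagged from authentication logs as sketched here. The log format, field names, timestamps and the second user `asmith` are constructed for illustration, since the log shown in the question is not reproduced on this page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical key=value log format.
SAMPLE_LOG = """\
2024-05-01T09:00:01 user=jsmith event=password_auth result=success
2024-05-01T09:00:04 user=jsmith event=mfa result=failure reason=invalid_code
2024-05-01T09:00:30 user=jsmith event=password_auth result=success
2024-05-01T09:00:33 user=jsmith event=mfa result=failure reason=invalid_code
2024-05-01T09:01:02 user=jsmith event=password_auth result=success
2024-05-01T09:01:05 user=jsmith event=mfa result=failure reason=invalid_code
2024-05-01T09:01:40 user=jsmith event=password_auth result=success
2024-05-01T09:01:44 user=jsmith event=mfa result=failure reason=invalid_code
2024-05-01T09:05:00 user=asmith event=password_auth result=success
2024-05-01T09:05:05 user=asmith event=mfa result=failure reason=invalid_code
2024-05-01T09:05:20 user=asmith event=password_auth result=success
2024-05-01T09:05:26 user=asmith event=mfa result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) event=(?P<event>\S+) result=(?P<result>\S+)")

def parse(log_text):
    """Turn log lines into (timestamp, user, event, result) tuples, oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]),
                           m["user"], m["event"], m["result"]))
    return sorted(events)

def find_mfa_guessing(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return {user: count} where a correct password was followed by a failed
    MFA step at least `threshold` times inside `window`, with no MFA success."""
    pending = {}                # user -> time of password success awaiting MFA
    streak = defaultdict(list)  # user -> times of MFA failures after a good password
    flagged = {}
    for ts, user, event, result in parse(log_text):
        if event == "password_auth" and result == "success":
            pending[user] = ts
        elif event == "mfa" and result == "success":
            pending.pop(user, None)
            streak[user].clear()  # legitimate login: a mistyped code, not guessing
        elif event == "mfa" and result == "failure" and user in pending:
            pending.pop(user)
            streak[user] = [t for t in streak[user] if ts - t <= window] + [ts]
            if len(streak[user]) >= threshold:
                flagged[user] = len(streak[user])
    return flagged
```

A hit from this check means the password is already known to whoever is logging in, so the response covers both a credential reset and a search for how the password was obtained.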
leedsbarber
9 months, 3 weeks ago
Selected Answer: C
Brute force involves trying different combinations of passwords/other credentials. This attacker knows the username and password and is clearly not guessing. A keylogger would know the username and password, but not have access to the MFA.
upvoted 4 times
c80f5c5
10 months ago
Selected Answer: C
If the question mentioned a login from a specific workstation, or said it's local login only, then yes it would be keylogger. However, this could be a login from a home computer, mobile device, anything. Answer B could be correct but more info would be needed. Based on available info C is best.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other