Exam SY0-701 topic 1 question 315 discussion

Actual exam question from CompTIA's SY0-701
Question #: 315
Topic #: 1

A company's online shopping website became unusable shortly after midnight on January 30, 2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data:



Which of the following should the analyst do next?

  • A. Check for recently terminated DBAs.
  • B. Review WAF logs for evidence of command injection.
  • C. Scan the database server for malware.
  • D. Search the web server for ransomware notes.
Suggested Answer: B

Comments

bluekb
6 days, 20 hours ago
Selected Answer: A
Answer should be A. The analyst found a logic bomb in the database backup code, most likely in a job running on the server on schedule. Most likely this job was created by the DBA. SQL injection code typically uses special command characters to comment out the normally run code.
upvoted 1 times
...
laternak26
2 weeks, 1 day ago
Selected Answer: B
The WAF logs could provide valuable information on malicious requests or attempts to exploit such vulnerabilities, especially command injection.
upvoted 1 times
...
myazureexams
3 months, 3 weeks ago
Selected Answer: B
The answer is B. Based on the provided scenario, the security analyst should prioritize reviewing Web Application Firewall (WAF) logs for evidence of command injection. The unusual database command suggests an unauthorized change, possibly through an injection attack. Checking for recently terminated DBAs is less relevant in this situation.
upvoted 4 times
...
PAWarriors
3 months, 4 weeks ago
Selected Answer: B
B. Review WAF logs for evidence of command injection. The code provided (DROP DATABASE WebShopOnline) suggests that the database was deliberately dropped on a specific date (January 30, 2023). This could potentially be the result of a command injection attack, where an attacker inserts malicious code to manipulate or destroy the database.
upvoted 2 times
...
17f9ef0
4 months ago
Selected Answer: B
Answer is B
upvoted 1 times
...
a4e15bd
4 months ago
Selected Answer: B
While insider threats are always a possibility, the structure of the code suggests an automated or external trigger, rather than an action by a disgruntled employee. A terminated DBA would likely have direct access to drop the database rather than making such a time-specific command. Attackers use SQL injection to execute commands like DROP DATABASE remotely through vulnerable interfaces. So B, reviewing the WAF logs for evidence of command injection, is the correct answer.
upvoted 1 times
...
Cee007
4 months ago
Selected Answer: A
A. Check for recently terminated DBAs. The code indicates that the database was intentionally dropped based on a specific date, which suggests that someone with access and knowledge of the database setup (such as a database administrator) may have executed or scheduled this command. Checking for recently terminated DBAs could help identify if an insider threat or an ex-employee had a role in this incident.
upvoted 4 times
...
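An added illustration, not part of the exam question or of any commenter's post: a heuristic Python check for the pattern the comments above debate, a destructive SQL statement sitting behind a date condition in a scheduled job script. The job texts, the `BackupHistory` table, and the function name are constructed assumptions; the exam's actual code is not reproduced here.

```python
import re

# Statements that destroy data and deserve review when gated on a date.
DESTRUCTIVE = re.compile(
    r"\b(DROP\s+(DATABASE|TABLE)|TRUNCATE\s+TABLE|DELETE\s+FROM)\b", re.I)
# Clock functions or literal dates that can act as a trigger.
TIME_TRIGGER = re.compile(
    r"\b(GETDATE|SYSDATETIME|CURRENT_TIMESTAMP|NOW|CURDATE|SYSDATE)\b"
    r"|\b\d{4}-\d{2}-\d{2}\b|\b\d{1,2}/\d{1,2}/\d{2,4}\b", re.I)
CONDITIONAL = re.compile(r"\b(IF|WHEN|CASE)\b", re.I)

def strip_comment(line):
    # Heuristic: drops everything after "--", even inside a string literal.
    return line.split("--", 1)[0]

def find_time_triggered_destruction(sql_text, window=3):
    """Return (line_no, statement, trigger_line_no) for every destructive
    statement on, or within `window` lines after, a date-testing conditional."""
    lines = [strip_comment(l) for l in sql_text.splitlines()]
    findings = []
    for i, code in enumerate(lines):
        if not DESTRUCTIVE.search(code):
            continue
        for j in range(max(0, i - window), i + 1):
            if CONDITIONAL.search(lines[j]) and TIME_TRIGGER.search(lines[j]):
                findings.append((i + 1, code.strip(), j + 1))
                break
    return findings

# Constructed sample: a backup job with a date-gated DROP (logic-bomb shape).
SUSPICIOUS_JOB = """\
-- nightly backup job (constructed sample)
BACKUP DATABASE WebShopOnline TO DISK = 'WebShopOnline.bak';
IF GETDATE() >= '2023-01-30'
BEGIN
    DROP DATABASE WebShopOnline;
END
"""

# Constructed sample: ordinary retention cleanup that should not be flagged.
BENIGN_JOB = """\
-- retention cleanup (constructed sample)
BACKUP DATABASE WebShopOnline TO DISK = 'WebShopOnline.bak';
DELETE FROM BackupHistory WHERE taken_at < DATEADD(day, -30, GETDATE());
DROP TABLE IF EXISTS #staging;
"""

if __name__ == "__main__":
    for name, job in (("suspicious", SUSPICIOUS_JOB), ("benign", BENIGN_JOB)):
        print(name, find_time_triggered_destruction(job))
```

A hit only says the job deserves review; who created or last modified the job, and whether the same statement appears in web or WAF request logs, is what separates the insider and injection explanations argued above.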