Exam SY0-701 topic 1 question 391 discussion

Actual exam question from CompTIA's SY0-701
Question #: 391
Topic #: 1
A security analyst attempts to start a company's database server. When the server starts, the analyst receives an error message indicating the database server did not pass authentication. After reviewing and testing the system, the analyst receives confirmation that the server has been compromised and that attackers have redirected all outgoing database traffic to a server under their control. Which of the following MITRE ATT&CK techniques did the attacker most likely use to redirect database traffic?

  • A. Browser extension
  • B. Process injection
  • C. Valid accounts
  • D. Escape to host
Suggested Answer: C

Comments

jbmac
Highly Voted 3 months, 3 weeks ago
Selected Answer: C
The correct answer is C. Valid accounts. Explanation: The MITRE ATT&CK technique "Valid accounts" refers to the use of legitimate credentials (whether obtained through phishing, brute force, or other means) to gain unauthorized access to systems and services. In this case, the attacker likely leveraged valid credentials to compromise the database server and redirect outgoing traffic to a server they control. This technique involves using accounts that are already authorized to bypass security mechanisms and perform malicious actions without raising alarms.
upvoted 6 times
jacobtriestech
Highly Voted 5 months, 1 week ago
Selected Answer: D
Escape to host is a technique where an attacker gains unauthorized access to a system and then pivots to other systems within the network. In this case, the attacker gained access to the database server and then redirected its traffic to a controlled server. This indicates a successful escape to host.
upvoted 5 times
9ce65e3
Most Recent 1 week ago
Selected Answer: B
Analysis: Redirecting all outgoing database traffic to an attacker-controlled server requires manipulating the server’s behavior at a low level, such as altering network configurations, routing tables, or database processes. Process injection (B) is the most likely MITRE ATT&CK technique, as it allows attackers to inject code into a database process to redirect traffic (e.g., by modifying network calls or DNS resolution). Valid accounts (C) could enable initial access but doesn’t explain traffic redirection. Browser extension (A) is unrelated, and escape to host (D) is contextually inapplicable. The failure to pass authentication suggests tampering with the server’s integrity, further supporting process-level compromise. Final Answer: B. Process injection
upvoted 1 times
lukascorpwork
2 weeks, 1 day ago
Selected Answer: D
D. "Escape to host" is a privilege escalation or container breakout technique where an attacker, after compromising a virtualized or containerized system, gains control over the host machine. This would allow them to modify network settings, reroute traffic, and take control over database connections—exactly what happened in this case.
upvoted 1 times
JoeRealCool
2 weeks, 3 days ago
Selected Answer: C
It's valid accounts. The attacker used a valid account and changed the password, thus leading to the error message during authentication.
upvoted 1 times
prabh1251
1 month ago
Selected Answer: C
Process Injection is a technique where attackers inject malicious code into legitimate processes, enabling them to intercept or redirect network traffic. What is Escape to Host? Escape to Host is a MITRE ATT&CK technique where:
✔️ An attacker breaks out of a sandboxed or virtualized environment (like a container or VM).
✔️ The goal is to gain control of the host machine — not just redirect traffic or compromise a service.
upvoted 2 times
itsgonnabemay
1 month ago
Selected Answer: D
"Valid Accounts" refers to an adversary leveraging legitimate credentials, while "Escape to Host" (or container escape) involves an adversary moving from a container to the host machine to gain broader access.
upvoted 1 times
prabh1251
1 month, 2 weeks ago
Selected Answer: B
Process injection is a technique where an attacker inserts malicious code into a legitimate process, which allows them to:
✅ Gain higher privileges.
✅ Manipulate the process’s behavior.
✅ Redirect traffic or steal data without detection.
In this case: The attacker likely injected code into the database server process. This allowed them to redirect database traffic to a malicious server.
upvoted 2 times
VincentvdS
2 months, 1 week ago
Selected Answer: B
Nice.. ChatGPT says B, Copilot says C, Community says D.. It's nice if you add the answer of ChatGPT in Copilot.. lol..
upvoted 2 times
9149f41
2 months, 3 weeks ago
Selected Answer: B
Valid Accounts explains how the attacker gained access to the server. Process Injection explains how the attacker redirected traffic after gaining access. Both techniques are part of the attack chain, but Process Injection is the most relevant to the traffic redirection described in the scenario. Without Process Injection (or a similar technique), the attacker could not have redirected the traffic, even with valid credentials.
upvoted 2 times
93bdd7c
3 months ago
Selected Answer: C
The attacker most likely used the Valid Accounts technique to redirect database traffic. This technique involves an attacker obtaining and using legitimate credentials to bypass authentication and gain access to systems, servers, or services. In this scenario, the error message suggests authentication failure, implying that attackers used valid credentials to reconfigure the server or its network settings, and then set up traffic redirection to exfiltrate data or reroute traffic to a malicious server under their control. Another possible technique that could have been used is Process Injection, which involves injecting malicious code into legitimate processes. This technique can be used to intercept and redirect database traffic to a server under the attacker’s control. However, based on the information provided, Valid Accounts is the most likely technique used by the attacker.
upvoted 2 times
pindinga1
3 months ago
Selected Answer: C
The correct answer is C. Valid accounts. Valid accounts is a technique in the MITRE ATT&CK framework where attackers use stolen or compromised legitimate credentials to gain access to a system. In this case, the attackers likely used valid accounts to redirect outgoing database traffic to a server under their control, as they would have had the necessary privileges to modify the database configurations or intercept traffic without triggering alarms.
upvoted 1 times
laternak26
4 months ago
Selected Answer: B
Process injection is a technique where an attacker injects malicious code into a legitimate process to evade detection or alter the behavior of that process. In this case, the attackers could have injected code into a legitimate database process to redirect the database traffic. NOT C. Valid accounts, because it is not even a MITRE technique. D. Escape to host means escaping from a VM to the host, not redirecting network traffic.
upvoted 4 times
Eracle
3 months, 2 weeks ago
It's wrong, Valid Accounts is in MITRE ATT&CK!
upvoted 5 times
ProudFather
4 months, 1 week ago
Selected Answer: D
An escape to host attack allows an attacker to break out of a sandboxed environment, such as a virtual machine or container, and gain access to the underlying host system. In this case, the attacker likely exploited a vulnerability in the database server's software or configuration to escape its security constraints and redirect network traffic.
upvoted 4 times
Exam_Prep221
4 months, 1 week ago
Selected Answer: C
Why not the others?
A. Browser extension: This technique is used to manipulate or spy on browser-based activity. It does not apply to redirecting database traffic or compromising a database server.
B. Process injection: This technique involves injecting malicious code into legitimate processes. While it can evade detection or escalate privileges, it does not directly explain how traffic was redirected.
D. Escape to host: This technique applies to virtualized environments (e.g., escaping from a guest VM to the host system) and is unrelated to database traffic redirection.
upvoted 3 times
Exam_Prep221
4 months, 1 week ago
Selected Answer: C
The attackers were able to redirect outgoing database traffic to a server they control, which strongly indicates that they had legitimate credentials or valid accounts to access and manipulate the database server or network configurations. The Valid Accounts technique (T1078 in MITRE ATT&CK) involves an attacker obtaining and using legitimate credentials to bypass authentication and gain access to systems, servers, or services. In this scenario: The error message suggests authentication failure, implying that attackers used valid credentials to reconfigure the server or its network settings. They likely set up traffic redirection (e.g., via configuration changes or tunneling) to exfiltrate data or reroute traffic to a malicious server under their control.
upvoted 1 times
cda26aa
5 months ago
The MITRE ATT&CK technique most likely used by the attacker to redirect database traffic is B. Process injection. Here's why: Process injection involves injecting malicious code into a legitimate process, allowing the attacker to manipulate the process and redirect traffic without being detected by the operating system. This technique can be used to intercept and redirect database traffic to a server under the attacker's control. Other options like browser extension, valid accounts, and escape to host are less likely to be directly involved in redirecting database traffic in this scenario.
upvoted 4 times