
Exam SY0-701 topic 1 question 391 discussion

Actual exam question from CompTIA's SY0-701
Question #: 391
Topic #: 1

A security analyst attempts to start a company's database server. When the server starts, the analyst receives an error message indicating the database server did not pass authentication. After reviewing and testing the system, the analyst receives confirmation that the server has been compromised and that attackers have redirected all outgoing database traffic to a server under their control. Which of the following MITRE ATT&CK techniques did the attacker most likely use to redirect database traffic?

  • A. Browser extension
  • B. Process injection
  • C. Valid accounts
  • D. Escape to host
Suggested Answer: C

Comments

jbmac
Highly Voted 3 months ago
Selected Answer: C
The correct answer is C. Valid accounts. Explanation: The MITRE ATT&CK technique "Valid accounts" refers to the use of legitimate credentials (whether obtained through phishing, brute force, or other means) to gain unauthorized access to systems and services. In this case, the attacker likely leveraged valid credentials to compromise the database server and redirect outgoing traffic to a server they control. This technique involves using accounts that are already authorized to bypass security mechanisms and perform malicious actions without raising alarms.
upvoted 5 times
jacobtriestech
Highly Voted 4 months, 2 weeks ago
Selected Answer: D
Escape to host is a technique where an attacker gains unauthorized access to a system and then pivots to other systems within the network. In this case, the attacker gained access to the database server and then redirected its traffic to a controlled server. This indicates a successful escape to host.
upvoted 5 times
prabh1251
Most Recent 1 week, 6 days ago
Selected Answer: C
Process Injection is a technique where attackers inject malicious code into legitimate processes, enabling them to intercept or redirect network traffic. What is Escape to Host? Escape to Host is a MITRE ATT&CK technique where: ✔️ an attacker breaks out of a sandboxed or virtualized environment (like a container or VM); ✔️ the goal is to gain control of the host machine, not just to redirect traffic or compromise a service.
upvoted 1 times
itsgonnabemay
1 week, 6 days ago
Selected Answer: D
"Valid Accounts" refers to an adversary leveraging legitimate credentials, while "Escape to Host" (or container escape) involves an adversary moving from a container to the host machine to gain broader access.
upvoted 1 times
prabh1251
3 weeks ago
Selected Answer: B
Process injection is a technique where an attacker inserts malicious code into a legitimate process, which allows them to: ✅ gain higher privileges; ✅ manipulate the process's behavior; ✅ redirect traffic or steal data without detection. In this case, the attacker likely injected code into the database server process. This allowed them to redirect database traffic to a malicious server.
upvoted 2 times
VincentvdS
1 month, 2 weeks ago
Selected Answer: B
Nice... ChatGPT says B, Copilot says C, the community says D. It's nice if you add the answer of ChatGPT in Copilot... lol.
upvoted 2 times
9149f41
2 months ago
Selected Answer: B
Valid Accounts explains how the attacker gained access to the server. Process Injection explains how the attacker redirected traffic after gaining access. Both techniques are part of the attack chain, but Process Injection is the most relevant to the traffic redirection described in the scenario. Without Process Injection (or a similar technique), the attacker could not have redirected the traffic, even with valid credentials.
upvoted 2 times
93bdd7c
2 months, 1 week ago
Selected Answer: C
The attacker most likely used the Valid Accounts technique to redirect database traffic. This technique involves an attacker obtaining and using legitimate credentials to bypass authentication and gain access to systems, servers, or services. In this scenario, the error message suggests authentication failure, implying that attackers used valid credentials to reconfigure the server or its network settings, and then set up traffic redirection to exfiltrate data or reroute traffic to a malicious server under their control. Another possible technique that could have been used is Process Injection, which involves injecting malicious code into legitimate processes. This technique can be used to intercept and redirect database traffic to a server under the attacker’s control. However, based on the information provided, Valid Accounts is the most likely technique used by the attacker.
upvoted 1 times
pindinga1
2 months, 1 week ago
Selected Answer: C
The correct answer is C. Valid accounts. Valid accounts is a technique in the MITRE ATT&CK framework where attackers use stolen or compromised legitimate credentials to gain access to a system. In this case, the attackers likely used valid accounts to redirect outgoing database traffic to a server under their control, as they would have had the necessary privileges to modify the database configurations or intercept traffic without triggering alarms.
upvoted 1 times
laternak26
3 months, 1 week ago
Selected Answer: B
Process injection is a technique where an attacker injects malicious code into a legitimate process to evade detection or alter the behavior of that process. In this case, the attackers could have injected code into a legitimate database process to redirect the database traffic. Not C, Valid accounts, because it is not even a MITRE technique. D, Escape to host, means escaping from a VM to the host, not redirecting network traffic.
upvoted 4 times
Eracle
2 months, 3 weeks ago
It's wrong, Valid Accounts is in MITRE ATT&CK!
upvoted 5 times
ProudFather
3 months, 2 weeks ago
Selected Answer: D
An escape to host attack allows an attacker to break out of a sandboxed environment, such as a virtual machine or container, and gain access to the underlying host system. In this case, the attacker likely exploited a vulnerability in the database server's software or configuration to escape its security constraints and redirect network traffic.
upvoted 4 times
Exam_Prep221
3 months, 2 weeks ago
Selected Answer: C
Why not the others? A. Browser extension: This technique is used to manipulate or spy on browser-based activity. It does not apply to redirecting database traffic or compromising a database server. B. Process injection: This technique involves injecting malicious code into legitimate processes. While it can evade detection or escalate privileges, it does not directly explain how traffic was redirected. D. Escape to host: This technique applies to virtualized environments (e.g., escaping from a guest VM to the host system) and is unrelated to database traffic redirection.
upvoted 2 times
Exam_Prep221
3 months, 2 weeks ago
Selected Answer: C
The attackers were able to redirect outgoing database traffic to a server they control, which strongly indicates that they had legitimate credentials or valid accounts to access and manipulate the database server or network configurations. The Valid Accounts technique (T1078 in MITRE ATT&CK) involves an attacker obtaining and using legitimate credentials to bypass authentication and gain access to systems, servers, or services. In this scenario: The error message suggests authentication failure, implying that attackers used valid credentials to reconfigure the server or its network settings. They likely set up traffic redirection (e.g., via configuration changes or tunneling) to exfiltrate data or reroute traffic to a malicious server under their control.
upvoted 1 times
cda26aa
4 months, 1 week ago
The MITRE ATT&CK technique most likely used by the attacker to redirect database traffic is B. Process injection. Here's why: Process injection involves injecting malicious code into a legitimate process, allowing the attacker to manipulate the process and redirect traffic without being detected by the operating system. This technique can be used to intercept and redirect database traffic to a server under the attacker's control. Other options like browser extension, valid accounts, and escape to host are less likely to be directly involved in redirecting database traffic in this scenario.
upvoted 4 times
srtysrhtyjumnuyedt
4 months, 1 week ago
Selected Answer: D
D is correct. According to the MITRE ATT&CK framework: "Escape to Host Adversaries may break out of a container to gain access to the underlying host. This can allow an adversary access to other containerized resources from the host level or to the host itself. In principle, containerized resources should provide a clear separation of application functionality and be isolated from the host environment. [...] Gaining access to the host may provide the adversary with the opportunity to achieve follow-on objectives, such as establishing persistence, moving laterally within the environment, accessing other containers running on the host, or setting up a command and control channel on the host."
upvoted 2 times
b82faaf
4 months, 2 weeks ago
Selected Answer: C
Valid accounts is a MITRE ATT&CK technique used in this case.
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other