Which of the following is the analyst most likely observing?

A security analyst is reviewing the network security monitoring logs listed below:

Which of the following is the analyst most likely observing? (Select two).
A . 10.1.1.128 sent potential malicious traffic to the web server.
B. 10.1.1.128 sent malicious requests, and the alert is a false positive
C. 10.1.1.129 successfully exploited a vulnerability on the web server
D. 10.1.1.129 sent potential malicious requests to the web server
E. 10.1.1.129 can determine mat port 443 is being used
F. 10.1.1.130 can potentially obtain information about the PHP version

View Answer

Answer: D,F

Explanation:

A security analyst is reviewing the network security monitoring logs listed below and is most likely observing that 10.1.1.129 sent potential malicious requests to the web server and that 10.1.1.130 can potentially obtain information about the PHP version. The logs show that 10.1.1.129 sent two requests to the web server with suspicious parameters, such as “union select” and “or 1=1”, which are commonly used for SQL injection attacks. The logs also show that 10.1.1.130 sent a request to the web server with a parameter “phpinfo”, which is a function that displays information about the PHP configuration and environment, which can be useful for attackers to find vulnerabilities or exploit them. References: CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives (CS0-002), page 8; https://owasp.org/www-community/attacks/SQL_Injection;

https://www.php.net/manual/en/function.phpinfo.php