Based on the analyst’s findings, which of the following attacks is being executed?

A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM.

The analyst first looks at the domain controller and finds the following events:

To better understand what is going on, the analyst runs a command and receives the following output:

Based on the analyst’s findings, which of the following attacks is being executed?
A . Credential harvesting
B . Keylogger
C . Brute-force
D . Spraying

Answer: D

Explanation:

If a user tries to authenticate with a wrong password, the domain controller who handles the authentication request will increment an attribute called badPwdCount. As you can see in the image, the badpwdcount attribute for the user states that many passwords were used to try to log in without success. Password spraying is an attack that attempts to access a large number of accounts (usernames) with a few commonly used passwords.

https://www.coalfire.com/the-coalfire-blog/march-2019/password-spraying-what-to-do-and-how-to-avoid-it

https://doubleoctopus.com/security-wiki/threats-and-tools/password-spraying/

Latest SY0-601 Dumps Valid Version with 396 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments