SY0-701 Exam Questions Tutorials

Environmental variables store configuration settings, paths, and other system-related information that applications and processes use. If an attacker gains access to these variables, they could manipulate them to alter application behavior, gain unauthorized access, or escalate privileges.For example, an attacker could modify the PATH variable to execute malicious programs instead of legitimate ones. This can significantlyincrease the scope and impact of an exploited vulnerability, making it a major security concern.

To determine whether the connection was successful after a user clicked on a link in a phishing email, the most relevant log source to analyze would be the network logs. These logs would provide information on outbound and inbound traffic, allowing the analyst to see if the user’s system connected to the remote server specified in the phishing link. Network logs can includedetails such as IP addresses, domains accessed, and the success or failure of connections, which are crucial for understanding the impact of the phishing attempt.

References =

CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations​.

CompTIA Security+ SY0-601 Study Guide: Chapter on Incident Response​.

The log entries clearly show an attacker attempting to access sensitive system files by manipulating the filename parameter. The use of ../../../ is a classic indicator of a directory traversal attack, also called path traversal. This technique is used to move outside the intended web directory and access restricted locations on the server’s filesystem.

In this case, the attacker is attempting to read:

/etc/passwd — contains user account information

/etc/shadow — contains hashed password entries and is even more sensitive

The CompTIA Security+ SY0-701 exam describes directory traversal as an attack where unvalidated user input allows navigation to system directories, often using sequences like ../ to bypass file path restrictions. This is exactly what is shown in the logs.

File injection (A) would involve inserting malicious files or code, not reading system files.

Privilege escalation (B) requires exploiting a system to gain higher privileges, not just reading files.

Cookie forgery (D) involves manipulating session cookies and does not match the observed behavior.

Because the attacker is using path traversal patterns to access protected files, the correct answer is C. Directory traversal.