In the sample honeypot log, which event indicates an FTP password retrieval attempt?

Prepare for the Computer Hacking Forensic Investigator v11 exam. Study with flashcards and multiple choice questions. Each question includes hints and explanations. Get exam-ready efficiently!

Multiple Choice

In the sample honeypot log, which event indicates an FTP password retrieval attempt?

Explanation:
The key idea is to identify the action that explicitly targets credentials in the honeypot log. An FTP password retrieval attempt is indicated by the event labeled ftp-passwd-retrieval. This event name directly describes trying to fetch the FTP password file, which is a classic credential-recovery/credential-theft activity seen in attack patterns.

In contrast, the other events map to different kinds of activity: a port scan shows someone probing for open ports, a DNS version query requests the version information of the DNS server, and an RPC information query seeks details about RPC services. None of these describe retrieving password data via FTP, so they don’t match the described malicious action.

So, the ftp-passwd-retrieval event is the correct signal because its label explicitly denotes an attempt to obtain password information through FTP.
