Cisco CyberOps Professional 300-215 Question # 16 Topic 2 Discussion
300-215 Exam Topic 2 Question 16 Discussion:
Question #: 16
Topic #: 2
Refer to the exhibit. A security analyst notices that a web application running on NGINX is generating an unusual number of log messages. The application is operational and reachable. What is the cause of this activity?
The provided log file contains multiple HTTP GET requests attempting to access various directories and files on the web server such as:
/balance
/security
/finance
/secret
/opt
/fuzzer/admin
These requests appear to be sequential, systematically targeting commonly used file and directory paths. The response codes are mostly 404 (Not Found) and a few 301s, indicating that the requester is trying different permutations of paths to discover hidden or vulnerable endpoints. This behavior is consistent withdirectory fuzzing, a reconnaissance technique used by attackers (or automated tools) to map out web directory structures by sending a high volume of crafted requests to guess hidden or unlinked directories and files.
This is distinct from DDoS (which would manifest as volume-based access issues), SQL injection (which targets specific parameters within requests), or botnet infection (which generally involves command-and-control communication or massive traffic floods).
[Reference:CyberOps Technologies (CBRFIR) 300-215 study guide, Chapter on Web Attacks and Threat Identification – Directory Fuzzing Patterns.]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit