Question 25 of 32 from exam 300-215-CBRFIR: Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps

Question

84.55.41.57 - - [17/Apr/2016:06:57:24 +0100] "GET /wordpress/wp-login.php HTTP/1.1" 200 1568 "-"
84.55.41.57 - - [17/Apr/2016:06:57:31 +0100] "POST /wordpress/wp-login.php HTTP/1.1" 302 1150 "http://www.example.com/wordpress/wp-login.php"
84.55.41.57 - - [17/Apr/2016:06:57:31 +0100] "GET /wordpress/wp-admin/ HTTP/1.1" 200 12905 "http://www.example.com/wordpress/wp-login.php"
84.55.41.57 - - [17/Apr/2016:07:00:32 +0100] "POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1" 200 454 "http://www.example.com/wordpress/wp-admin/"
84.55.41.57 - - [17/Apr/2016:07:11:48 +0100] "GET /wordpress/wp-admin/plugin-install.php HTTP/1.1" 200 12459 "http://www.example.com/wordpress/wp-admin/plugin-install.php?tab=upload"
84.55.41.57 - - [17/Apr/2016:07:16:06 +0100] "GET /wordpress/wp-admin/update.php?action=install-plugin&plugin=file-manager&_wpnonce=3c6c8a7fca HTTP/1.1" 200 5698 "http://www.example.com/wordpress/wp-admin/plugin-install.php?tab=search&s=file+permission"
84.55.41.57 - - [17/Apr/2016:07:18:19 +0100] "GET /wordpress/wp-admin/plugins.php?action=activate&plugin=file-manager%2Ffile-manager.php&_wpnonce=f932ee530 HTTP/1.1" 302 451 "http://www.example.com/wordpress/wp-admin/update.php?action=install-plugin&plugin=file-manager&_wpnonce=3c6c8a7fca"
84.55.41.57 - - [17/Apr/2016:07:21:46 +0100] "GET /wordpress/wp-admin/admin-ajax.php?action=connector&cmd=upload&target=l1_d3AtY29udGVudA&name%5B%5D=r57.php&FILES=&_=1460873968131 HTTP/1.1" 200 731 "http://www.example.com/wordpress/wp-admin/admin.php?page=file-manager_settings"
84.55.41.57 - - [17/Apr/2016:07:22:53 +0100] "GET /wordpress/wp-content/r57.php HTTP/1.1" 200 9036 "-"
84.55.41.57 - - [17/Apr/2016:07:32:24 +0100] "POST /wordpress/wp-content/r57.php?14 HTTP/1.1" 200 8030 "http://www.example.com/wordpress/wp-content/r57.php?14"
84.55.41.57 - - [17/Apr/2016:07:29:21 +0100] "GET /wordpress/wp-content/r57.php?29 HTTP/1.1" 200 8391 "http://www.example.com/wordpress/wp-content/r57.php?28"

Refer to the exhibit.

Which two determinations should be made about the attack from the Apache access logs? (Choose two.)

Answers

Explanations

A. B. C. D. E.

CD.