Certified Information Systems Security Professional – CISSP – Question375

An organization discovers that its Secure File Transfer Protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization’s general Information Technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas.
Which of the following is the MOST probable attack vector used in the security breach?

A.
Buffer overflow
B. Distributed Denial of Service (DDoS)
C. Cross-Site Scripting (XSS)
D. Weak password due to lack of complexity rules

Correct Answer: A