A junior security analyst is conducting an analysis after passwords were changed on multiple accounts without
users' interaction. The SIEM have multiple login entries with the following text:
suspicious event – user: scheduledtasks successfully authenticate on AD on
abnormal time
suspicious event – user: scheduledtasks failed to execute c:weekly_checkups
amazing-3rdparty-domain-assessment.py
suspicious event – user: scheduledtasks failed to execute c:weekly_checkups
secureyourAD-3rdparty-compliance.sh
suspicious event – user: scheduledtasks successfully executed c:weekly_checkups
amazing-3rdparty-domain-assessment.py
Which of the following is the MOST likely attack conducted on the environment?
A. Malicious script
B. Privilege escalation
C. Domain hijacking
D. DNS poisoning
users' interaction. The SIEM have multiple login entries with the following text:
suspicious event – user: scheduledtasks successfully authenticate on AD on
abnormal time
suspicious event – user: scheduledtasks failed to execute c:weekly_checkups
amazing-3rdparty-domain-assessment.py
suspicious event – user: scheduledtasks failed to execute c:weekly_checkups
secureyourAD-3rdparty-compliance.sh
suspicious event – user: scheduledtasks successfully executed c:weekly_checkups
amazing-3rdparty-domain-assessment.py
Which of the following is the MOST likely attack conducted on the environment?
A. Malicious script
B. Privilege escalation
C. Domain hijacking
D. DNS poisoning