CompTIA Security+ SY0-601 – Question062

A junior security analyst is conducting an analysis after passwords were changed on multiple accounts without
users' interaction. The SIEM has multiple login entries with the following text:
suspicious event – user: scheduledtasks successfully authenticate on AD on abnormal time
suspicious event – user: scheduledtasks failed to execute c:\weekly_checkups\amazing-3rdparty-domain-assessment.py
suspicious event – user: scheduledtasks failed to execute c:\weekly_checkups\secureyourAD-3rdparty-compliance.sh
suspicious event – user: scheduledtasks successfully executed c:\weekly_checkups\amazing-3rdparty-domain-assessment.py
Which of the following is the MOST likely attack conducted on the environment?


A. Malicious script
B. Privilege escalation
C. Domain hijacking
D. DNS poisoning

Correct Answer: B