Attack Identification & Remediation
For each scenario, identify the attack type and select the most appropriate remediation.
Scenario 1: During peak business hours, a company's public-facing web application becomes intermittently unavailable. Network monitoring tools report a sustained increase in incomplete TCP connection attempts from many different external IP addresses.
Scenario 2: A help desk technician notices that an employee's workstation is periodically establishing outbound connections to an unknown external system. Shortly afterward, unauthorized system commands are executed without the user's knowledge.
Scenario 3: Multiple systems within the same network segment begin exhibiting similar abnormal behavior within a short period of time. Investigation reveals that a backend database service was exposed using vendor-default credentials.
Scenario 4: An executive reports repeated account compromises despite antivirus scans showing no signs of malware. A physical inspection reveals an unauthorized device connected between the keyboard and the workstation.
Scenario 5: A security review of a custom-developed application uncovers undocumented logic that allows system access without standard authentication checks.