LAB 2.4-C Tier 1: In-Browser Obj 2.4 · intermediate · ~10min

Application Attack Identifier

Analyze real-world evidence artifacts — HTTP (Hypertext Transfer Protocol) requests, server logs, and crash reports — and classify the attack type and monitoring indicator that would detect it.

What You’ll Practice

  • Recognizing SQL (Structured Query Language) injection, XSS (Cross-Site Scripting), buffer overflow, directory traversal, privilege escalation, command injection, CSRF (Cross-Site Request Forgery), and replay attacks from raw evidence
  • Mapping attacks to the monitoring indicators that catch them
  • Reading HTTP request/response pairs, authentication logs, and application crash dumps

How the Exam Tests This

Objective 2.4 is a “Given a scenario” objective — the heaviest PBQ format on the exam. You’ll be shown evidence and need to identify what’s happening. This lab mirrors that format: evidence first, classification second.

Scoring

Each scenario is worth 2 points: 1 for correct attack classification, 1 for correct indicator identification. Scenarios are randomized each session to prevent memorization.

HOW IT WORKS

  1. You'll be shown evidence artifacts — HTTP requests, log entries, crash reports
  2. Classify the attack type based on the evidence
  3. Identify which monitoring indicator would detect this attack
  4. Review the explanation to reinforce the pattern
8 scenarios · ~10 minutes