LAB 2.4-C · Tier 1: In-Browser · Obj 2.4 · intermediate · ~10 min

Application Attack Identifier

Analyze real-world evidence artifacts — HTTP requests, server logs, and crash reports — then classify the attack type and identify the monitoring indicator that would detect it.

What You’ll Practice

  • Recognizing SQL injection, XSS, buffer overflow, directory traversal, privilege escalation, command injection, CSRF, and replay attacks from raw evidence
  • Mapping attacks to the monitoring indicators that catch them
  • Reading HTTP request/response pairs, authentication logs, and application crash dumps

How the Exam Tests This

Objective 2.4 is a “Given a scenario” objective — the heaviest PBQ format on the exam. You’ll be shown evidence and need to identify what’s happening. This lab mirrors that format: evidence first, classification second.

Scoring

Each scenario is worth 2 points: 1 for correct attack classification, 1 for correct indicator identification. Scenarios are randomized each session to prevent memorization.

How It Works

  1. You’ll be shown evidence artifacts — HTTP requests, log entries, crash reports
  2. Classify the attack type based on the evidence
  3. Identify which monitoring indicator would detect this attack
  4. Review the explanation to reinforce the pattern

8 scenarios · ~10 minutes