KT-IAS Credential abuse

Authentication logs show 40,000 failed logins against one legacy IMAP service from one ASN. Which attack type is MOST likely?

Multiple choice — select one answer

Answer choices

  1. a. ARP spoofing on the data center VLAN, without security or identity team coordination per policy.
  2. b. SAST false positive on a web app, without security or identity team coordination per policy.
  3. c. Password spraying against a single protocol before attempting valid pairs elsewhere
  4. d. Physical tailgating at the front desk, without security or identity team coordination per policy.

Architectural breakdown & explanation

High-volume failures on one service suggest spray, often preceding targeted login attempts.

Correct answer(s): c. Password spraying against a single protocol before attempting valid pairs elsewhere

Exam domain: Credential abuse (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Identity & Access Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.