While analyzing SIEM alerts for a company WAF, an incident response analyst observes the following: https://corporate-A.com/loadimage?filename=../../etc/ https://corporate-A.com/loadimage?filename=../../etc/passwd https://corporate-A.com/loadimage?filename=../../etc/passwd Which of the following best describes the observed behavior?

Credential replay attacks involve intercepting and reusing valid user credentials to gain unauthorized access to systems. The scenario described does not demonstrate any reuse of credentials or authentication processes, but rather focuses on file access attempts, making this choice irrelevant to the observed behavior.

A brute-force attack refers to systematically trying many combinations of passwords or encryption keys to gain access to a system. The URLs provided do not show any attempts at password guessing or brute-forcing user accounts, thus making this choice inappropriate for describing the observed behavior.

Resource exhaustion attacks aim to deplete system resources, such as memory or processing power, often through excessive requests or data processing. The actions observed do not involve overwhelming the system's resources but focus on accessing specific files, making this option unsuitable in this context.