Upon reviewing log files, what indicates that a directory-traversal attack has occurred?

Access to restricted directories is a strong indicator that a directory-traversal attack has occurred. This type of attack exploits vulnerabilities in applications that do not properly validate user input, allowing an attacker to manipulate URL paths and access files and directories that should be restricted. For example, by using sequences like "../" in the path, an attacker can traverse the directory structure of a web server and access sensitive files that are typically not accessible to regular users.

The presence of access logs showing attempts to reach restricted directories suggests that an attacker is trying to gain unauthorized access to sensitive information or systems. Detecting these kinds of access attempts is crucial for identifying and mitigating potential security breaches resulting from such attacks.

Other options, while they may indicate general suspicious activity or potential security issues, do not specifically indicate a directory-traversal attack. Unusual user access patterns could suggest various types of malicious activity but lack specificity to traversal attacks. Similarly, unexpected file modifications might indicate other forms of tampering or data breaches rather than directly pointing to directory traversal. Failed login attempts typically signify brute-force attacks or unauthorized access attempts but do not directly relate to directory traversal attacks.