During a routine investigation, Daniel, a threat analyst, notices repetitive failed login attempts in server...

The EC-Council Incident Handler (ECIH) curriculum explains that dictionary attacks are a form of brute-force authentication attack where an attacker systematically attempts multiple username-password combinations until valid credentials are found.

In web server logs, repeated HTTP POST requests targeting login endpoints with consistent status codes indicate automated credential attempts. The repeated failed attempts followed by a 302 redirect (commonly used after successful authentication to redirect users to a dashboard or landing page) strongly suggests that valid credentials were eventually discovered.

Option B (session hijacking) involves stealing session tokens rather than repeated login attempts. Option C (SQL injection) typically includes abnormal query strings or database errors in logs. Option D (CSRF) involves unauthorized actions triggered via authenticated sessions, not repetitive login attempts.

ECIH emphasizes monitoring authentication logs, implementing account lockout policies, enforcing strong password policies, and deploying multi-factor authentication to mitigate dictionary and brute-force attacks.

Therefore, the observed log pattern is indicative of a dictionary attack.