Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Cisco Exam 200-201 Topic 3 Question 92 Discussion

Actual exam question for Cisco's 200-201 exam
Question #: 92
Topic #: 3
[All 200-201 Questions]

A user reports difficulties accessing certain external web pages. When an engineer examines traffic to and from the external domain in full packet captures, they notice that many SYNs have the same sequence number, source, and destination IP address, but they have different payloads. What is causing this situation?

Show Suggested Answer Hide Answer
Suggested Answer: A

TCP injection is an attack where the attacker sends crafted packets into an existing TCP session. These packets appear to be part of the session.

The presence of many SYN packets with the same sequence number, source, and destination IP but different payloads indicates that an attacker might be injecting packets into the session.

This method can be used to disrupt communication, inject malicious commands, or manipulate the data being transmitted.


Understanding TCP Injection Attacks

Analyzing Packet Captures for Injection Attacks

Network Security Monitoring Techniques

Contribute your Thoughts:

Tawanna
4 months ago
I think it's due to insufficient network resources.
upvoted 0 times
...
Thad
4 months ago
I think it's a failure of the full packet capture solution.
upvoted 0 times
...
Phyliss
4 months ago
I believe it could be a misconfiguration of a web filter.
upvoted 0 times
...
Fairy
4 months ago
I agree with Isidra, it does sound like TCP injection.
upvoted 0 times
...
France
4 months ago
Insufficient network resources? Nah, this has got to be a case of too much network activity if you ask me. Looks like the old 'traffic jam' scenario to me.
upvoted 0 times
Roslyn
4 months ago
D) insufficient network resources
upvoted 0 times
...
Willard
4 months ago
C) Failure of the full packet capture solution
upvoted 0 times
...
Lashawna
4 months ago
B) misconfiguration of a web filter
upvoted 0 times
...
Ettie
4 months ago
A) TCP injection
upvoted 0 times
...
...
Isidra
4 months ago
I think it might be TCP injection causing this.
upvoted 0 times
...
Clare
5 months ago
Hmm, I'd say it's a failure of the full packet capture solution. Those tools can be finicky, and it seems like it's missing something important here. Better double-check the setup.
upvoted 0 times
Fabiola
4 months ago
C) Failure of the full packet capture solution
upvoted 0 times
...
Layla
4 months ago
B) misconfiguration of a web filter
upvoted 0 times
...
Malcom
4 months ago
A) TCP injection
upvoted 0 times
...
Stevie
4 months ago
It could also be insufficient network resources causing the issue.
upvoted 0 times
...
Elfrieda
4 months ago
Maybe there's a TCP injection happening.
upvoted 0 times
...
Mitsue
4 months ago
I think it might be a misconfiguration of a web filter.
upvoted 0 times
...
...
Izetta
5 months ago
I'm going with B, misconfiguration of a web filter. Sounds like the web filter is letting through some shady stuff. Time to call the IT team and get that sorted out.
upvoted 0 times
...
Murray
5 months ago
Definitely TCP injection. Those varying payloads are a dead giveaway for that kind of attack. Gotta watch out for those crafty hackers!
upvoted 0 times
Ulysses
5 months ago
We need to be vigilant and make sure our network security measures are up to date.
upvoted 0 times
...
Shawnda
5 months ago
Yes, you're right. TCP injection can definitely cause those varying payloads.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77