Cisco Exam 200-201 Topic 4 Question 87 Discussion

Actual exam question for Cisco's 200-201 exam
Question #: 87
Topic #: 4

A user reports difficulties accessing certain external web pages. When an engineer examines traffic to and from the external domain in full packet captures, they notice that many SYNs have the same sequence number, source, and destination IP address, but they have different payloads. What is causing this situation?

Suggested Answer: A

TCP injection is an attack where the attacker sends crafted packets into an existing TCP session. These packets appear to be part of the session.

The presence of many SYN packets with the same sequence number, source, and destination IP but different payloads indicates that an attacker might be injecting packets into the session.

This method can be used to disrupt communication, inject malicious commands, or manipulate the data being transmitted.
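The check described above, written as an added example that is not part of the original question or answer: group captured segments by flow and sequence number, then flag groups whose payloads disagree while ignoring ordinary retransmissions. The `Segment` record, the function names and the sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations
from typing import NamedTuple


class Segment(NamedTuple):
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    flags: str
    payload: bytes


def overlap_differs(a: bytes, b: bytes) -> bool:
    """Segments that start at the same sequence number must agree on shared bytes."""
    n = min(len(a), len(b))
    return a[:n] != b[:n]


def find_conflicts(segments):
    """Return {(src, dst, sport, dport, seq): [payloads]} for disagreeing same-seq data."""
    by_key = defaultdict(list)
    for s in segments:
        key = (s.src, s.dst, s.sport, s.dport, s.seq)
        if s.payload not in by_key[key]:  # an identical copy is a plain retransmission
            by_key[key].append(s.payload)
    return {
        key: payloads
        for key, payloads in by_key.items()
        if any(overlap_differs(a, b) for a, b in combinations(payloads, 2))
    }


# Constructed sample records (documentation addresses, made-up payloads).
SAMPLE = [
    Segment("192.0.2.10", "198.51.100.7", 51000, 80, 1000, "S", b"AAAA"),
    Segment("192.0.2.10", "198.51.100.7", 51000, 80, 1000, "S", b"BBBB"),
    Segment("192.0.2.10", "198.51.100.7", 51000, 80, 1000, "S", b"CCCC"),
    # Benign flow: exact retransmission, then a longer (coalesced) retransmission.
    Segment("192.0.2.10", "198.51.100.7", 51002, 80, 5000, "PA", b"GET /"),
    Segment("192.0.2.10", "198.51.100.7", 51002, 80, 5000, "PA", b"GET /"),
    Segment("192.0.2.10", "198.51.100.7", 51002, 80, 5000, "PA", b"GET / HTTP/1.1"),
]

if __name__ == "__main__":
    for key, payloads in find_conflicts(SAMPLE).items():
        print(key, payloads)
```

Only the first flow is reported: the second flow repeats the same bytes at the same sequence number, which is what a normal retransmission looks like.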



Contribute your Thoughts:

Herschel
4 months ago
Oh great, now the hackers are getting creative with their payload variation. I feel for the engineer trying to sort this mess out. TCP injection for the win!
upvoted 0 times
Lonna
3 months ago
User 3: The engineer has their work cut out for them trying to figure this out.
upvoted 0 times
...
Thersa
3 months ago
User 3: The engineer has their work cut out for them trying to figure this out.
upvoted 0 times
...
Francoise
3 months ago
User 2: Yeah, those hackers are really stepping up their game.
upvoted 0 times
...
Sanda
3 months ago
User 2: Yeah, those hackers are really stepping up their game.
upvoted 0 times
...
Ashlyn
3 months ago
User 1: This looks like a case of TCP injection.
upvoted 0 times
...
Ivette
3 months ago
User 1: This looks like a case of TCP injection.
upvoted 0 times
...
...
Lili
4 months ago
I bet the network admin is wondering if they should have invested in a better packet capture solution. But hey, at least they're getting some excitement in their day. A is the way to go.
upvoted 0 times
...
Margo
4 months ago
Insufficient network resources? Come on, this is clearly a security issue. TCP injection all the way, folks.
upvoted 0 times
...
Adelina
4 months ago
Hmm, the varying payloads make me think it's not a misconfigured web filter. Gotta be some kind of malicious activity going on. A for sure.
upvoted 0 times
Bulah
3 months ago
User 2: Yeah, I think so too. It's probably some kind of malicious activity going on.
upvoted 0 times
...
Leonida
3 months ago
User 1: I agree, the varying payloads seem suspicious. Definitely sounds like TCP injection.
upvoted 0 times
...
Isadora
4 months ago
User 2: Definitely, it's probably TCP injection causing the issue.
upvoted 0 times
...
Kanisha
4 months ago
User 3: I think we should investigate further to confirm if it's a TCP injection.
upvoted 0 times
...
Marleen
4 months ago
User 2: Yeah, the same sequence number and different payloads definitely point to malicious activity.
upvoted 0 times
...
Candida
4 months ago
User 1: I agree, those varying payloads seem suspicious.
upvoted 0 times
...
Antonio
4 months ago
User 1: I agree, it seems like some kind of TCP injection is happening.
upvoted 0 times
...
...
Amie
4 months ago
This sounds like a classic TCP injection attack. The different payloads suggest the attacker is trying to bypass security measures. I'd go with option A.
upvoted 0 times
Twana
4 months ago
Maybe the web filter is misconfigured and allowing these packets through. Option B could also be a possibility.
upvoted 0 times
...
Ben
4 months ago
Yes, option A makes the most sense in this situation.
upvoted 0 times
...
Deonna
4 months ago
I agree, it does seem like a TCP injection attack. Option A is the most likely cause.
upvoted 0 times
...
Ashlee
4 months ago
I agree, it does seem like a TCP injection attack.
upvoted 0 times
...
...
