Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Cisco Exam 200-201 Topic 4 Question 87 Discussion

Actual exam question for Cisco's 200-201 exam
Question #: 87
Topic #: 4
[All 200-201 Questions]

A user reports difficulties accessing certain external web pages. When an engineer examines traffic to and from the external domain in full packet captures, they notice that many SYNs have the same sequence number, source, and destination IP address, but they have different payloads. What is causing this situation?

Show Suggested Answer Hide Answer
Suggested Answer: A

TCP injection is an attack where the attacker sends crafted packets into an existing TCP session. These packets appear to be part of the session.

The presence of many SYN packets with the same sequence number, source, and destination IP but different payloads indicates that an attacker might be injecting packets into the session.

This method can be used to disrupt communication, inject malicious commands, or manipulate the data being transmitted.


Understanding TCP Injection Attacks

Analyzing Packet Captures for Injection Attacks

Network Security Monitoring Techniques

Contribute your Thoughts:

Herschel
6 months ago
Oh great, now the hackers are getting creative with their payload variation. I feel for the engineer trying to sort this mess out. TCP injection for the win!
upvoted 0 times
Lonna
5 months ago
The engineer has their work cut out for them trying to figure this out.
upvoted 0 times
...
Thersa
5 months ago
The engineer has their work cut out for them trying to figure this out.
upvoted 0 times
...
Francoise
5 months ago
Yeah, those hackers are really stepping up their game.
upvoted 0 times
...
Sanda
5 months ago
Yeah, those hackers are really stepping up their game.
upvoted 0 times
...
Ashlyn
5 months ago
This looks like a case of TCP injection.
upvoted 0 times
...
Ivette
6 months ago
This looks like a case of TCP injection.
upvoted 0 times
...
...
Lili
6 months ago
I bet the network admin is wondering if they should have invested in a better packet capture solution. But hey, at least they're getting some excitement in their day. A is the way to go.
upvoted 0 times
...
Margo
6 months ago
Insufficient network resources? Come on, this is clearly a security issue. TCP injection all the way, folks.
upvoted 0 times
...
Adelina
6 months ago
Hmm, the varying payloads make me think it's not a misconfigured web filter. Gotta be some kind of malicious activity going on. A for sure.
upvoted 0 times
Bulah
5 months ago
Yeah, I think so too. It's probably some kind of malicious activity going on.
upvoted 0 times
...
Leonida
6 months ago
I agree, the varying payloads seem suspicious. Definitely sounds like TCP injection.
upvoted 0 times
...
Isadora
6 months ago
Definitely, it's probably TCP injection causing the issue.
upvoted 0 times
...
Kanisha
6 months ago
I think we should investigate further to confirm if it's a TCP injection.
upvoted 0 times
...
Marleen
6 months ago
Yeah, the same sequence number and different payloads definitely point to malicious activity.
upvoted 0 times
...
Candida
6 months ago
I agree, those varying payloads seem suspicious.
upvoted 0 times
...
Antonio
6 months ago
I agree, it seems like some kind of TCP injection is happening.
upvoted 0 times
...
...
Amie
7 months ago
This sounds like a classic TCP injection attack. The different payloads suggest the attacker is trying to bypass security measures. I'd go with option A.
upvoted 0 times
Twana
6 months ago
Maybe the web filter is misconfigured and allowing these packets through. Option B could also be a possibility.
upvoted 0 times
...
Ben
6 months ago
Yes, option A makes the most sense in this situation.
upvoted 0 times
...
Deonna
6 months ago
I agree, it does seem like a TCP injection attack. Option A is the most likely cause.
upvoted 0 times
...
Ashlee
6 months ago
I agree, it does seem like a TCP injection attack.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77