Cisco Exam 200-201 Topic 5 Question 99 Discussion

Actual exam question for Cisco's 200-201 exam
Question #: 99
Topic #: 5

Refer to exhibit.

An engineer is investigating an intrusion and is analyzing the pcap file. Which two key elements must the engineer consider? (Choose two.)

Suggested Answer: B, D

The exhibit shows a pcap file capturing many TCP SYN packets directed at the same destination IP address and port, with no completed handshakes behind them.

High volume of SYN packets with very little variance in time (option B): near-constant inter-arrival times mean the SYNs are being generated by a tool, not by independent clients opening connections. That pattern is the signature of a SYN flood, a Denial of Service (DoS) attack in which a stream of connection requests fills the target's half-open connection table so that legitimate SYNs are dropped.

SYN packets from several source IP addresses (option D, worded in the exam as "SYN packets acknowledged from several source IP addresses"): many sources aimed at one destination point to a Distributed Denial of Service (DDoS) attack, where multiple compromised hosts (a botnet) generate the traffic. Keep in mind that SYN-flood tools routinely spoof the source address, so a spread of sources shows the attack is distributed or spoofed, not necessarily that each address is a real compromised host.

Together these two characteristics indicate that the network is under a SYN flood or DDoS attack intended to exhaust the target's resources and disrupt service availability. Fields such as the packet length, window size or the Wireshark "info" column on their own do not distinguish a flood from a burst of ordinary connection attempts.
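The two indicators the answer relies on, SYN rate with low timing variance and the number of distinct sources per destination, can be measured directly from a capture. The script below is an added example, not part of the exam question or of this page's answer: it writes a small constructed pcap in memory (a 50-packet SYN burst at 1 ms spacing from 25 different source addresses, plus three ordinary TCP handshakes), parses the Ethernet/IPv4/TCP headers with nothing but the standard library, and reports, per destination, the bare-SYN count, the coefficient of variation of SYN inter-arrival times and the distinct source count. The thresholds (`min_syns`, `max_cv`, `min_sources`) and all addresses are made up for the example.

```python
"""Measure SYN-flood indicators in a pcap: per-destination SYN volume, timing
regularity and source diversity. Added example with a constructed capture."""
import statistics
import struct
from collections import defaultdict

SYN = 0x02
ACK = 0x10


def build_pcap(packets):
    """Write a classic little-endian pcap (link type 1, Ethernet) from tuples
    (timestamp, src_ip, dst_ip, sport, dport, tcp_flags). Checksums are left
    zero; the parser below does not verify them."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for ts, src, dst, sport, dport, flags in packets:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp   # zero MACs, EtherType IPv4
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return bytes(out)


def parse_pcap(data):
    """Yield (timestamp, src_ip, dst_ip, sport, dport, tcp_flags) for every
    IPv4/TCP packet in a classic microsecond pcap."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                  # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        ip = frame[14:14 + ihl]
        if len(ip) < 20 or ip[9] != 6:
            continue                                  # not TCP
        tcp = frame[14 + ihl:]
        if len(tcp) < 14:
            continue                                  # truncated TCP header
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        yield (sec + usec / 1_000_000,
               ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20])),
               sport, dport, tcp[13])


def syn_flood_indicators(records, min_syns=20, max_cv=0.25, min_sources=5):
    """Group bare SYNs (SYN set, ACK clear) by destination and score each one.
    cv is the coefficient of variation of inter-arrival times: near 0 means a
    machine-paced stream, the 'very little variance in time' of option B."""
    per_dst = defaultdict(list)
    for ts, src, dst, _sport, _dport, flags in records:
        if flags & SYN and not flags & ACK:
            per_dst[dst].append((ts, src))
    report = {}
    for dst, syns in per_dst.items():
        syns.sort()
        times = [t for t, _ in syns]
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.fmean(gaps) if gaps else 0.0
        cv = statistics.pstdev(gaps) / mean if mean > 0 else 0.0
        sources = {s for _, s in syns}
        flood = len(syns) >= min_syns and cv <= max_cv
        report[dst] = {
            "syn_count": len(syns),
            "interarrival_cv": cv,
            "distinct_sources": len(sources),
            "syn_flood": flood,
            "distributed": flood and len(sources) >= min_sources,
        }
    return report


def sample_capture():
    """Constructed traffic (hypothetical addresses): a SYN burst at 1 ms spacing
    from 25 sources against 10.0.0.5:80, plus ordinary handshakes elsewhere."""
    pkts = [(1.0 + i * 0.001, f"198.51.100.{i % 25 + 1}", "10.0.0.5", 40000 + i, 80, SYN)
            for i in range(50)]
    for i, t in enumerate([5.0, 7.3, 12.9]):          # irregular, human-paced client
        pkts.append((t, "192.0.2.10", "10.0.0.9", 50000 + i, 443, SYN))
        pkts.append((t + 0.02, "10.0.0.9", "192.0.2.10", 443, 50000 + i, SYN | ACK))
        pkts.append((t + 0.04, "192.0.2.10", "10.0.0.9", 50000 + i, 443, ACK))
    return pkts


def analyse(pcap_bytes):
    return syn_flood_indicators(parse_pcap(pcap_bytes))


if __name__ == "__main__":
    for dst, row in analyse(build_pcap(sample_capture())).items():
        print(dst, row)
```

On the constructed capture, 10.0.0.5 is reported with 50 SYNs, a near-zero inter-arrival cv and 25 distinct sources, so both `syn_flood` and `distributed` are set, while 10.0.0.9 sees only three irregularly spaced SYNs from one client and is not flagged. To run it against a real file, replace `build_pcap(sample_capture())` with the bytes of a capture saved in classic pcap format (pcapng and nanosecond-timestamp variants are not handled by this minimal parser). Note that the source-count column cannot tell spoofed addresses from a real botnet; the point of the check is only that the SYN stream is both machine-paced and spread across many sources.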


Contribute your Thoughts:

Dominque
2 months ago
Hold up, 'same source IP with port 80'? That's a classic web server attack, no doubt. E is the way to go!
upvoted 0 times
Judy
2 months ago
Wait, is the 'info' field really that important here? I dunno, I'm going with A just to be safe.
upvoted 0 times
Slyvia
1 month ago
I think 'info' field is important, but D seems crucial too.
upvoted 0 times
Lucina
2 months ago
D) SYN packets acknowledged from several source IP addresses
upvoted 0 times
Justine
2 months ago
A) Variable 'info' field and unchanging sequence number
upvoted 0 times
Cherry
2 months ago
I believe another important element to consider is the high volume of SYN packets with very little variance in time.
upvoted 0 times
Carla
2 months ago
Intrusion analysis? More like 'Infusion' analysis, am I right? *wink wink*
upvoted 0 times
Misty
1 month ago
B) High volume of SYN packets with very little variance in time
upvoted 0 times
Arminda
1 month ago
A) Variable 'info' field and unchanging sequence number
upvoted 0 times
Xochitl
2 months ago
Whoa, these options are like a buffet of cybersecurity goodness! I'm getting hungry just thinking about it.
upvoted 0 times
Lizbeth
2 months ago
B) High volume of SYN packets with very little variance in time
upvoted 0 times
Bobbye
2 months ago
A) Variable 'info' field and unchanging sequence number
upvoted 0 times
Denise
3 months ago
I agree with Shenika. Those two elements can provide valuable information in analyzing the pcap file.
upvoted 0 times
Shenika
3 months ago
I think the key elements to consider are the variable 'info' field and unchanging sequence number.
upvoted 0 times
Kristin
3 months ago
The 'identical length' and 'window size' clues definitely stand out to me. Gotta be option C!
upvoted 0 times
Carey
2 months ago
I think we should also look at option D, SYN packets acknowledged from several source IP addresses.
upvoted 0 times
Carrol
3 months ago
I agree, option C seems like a key element to consider.
upvoted 0 times