
Cisco Exam 200-201 Topic 5 Question 99 Discussion

Actual exam question for Cisco's 200-201 exam
Question #: 99
Topic #: 5

Refer to the exhibit.

An engineer is investigating an intrusion and is analyzing the pcap file. Which two key elements must the engineer consider? (Choose two.)

Suggested Answer: B, D

The exhibit shows a pcap file capturing multiple TCP SYN packets directed at the same destination IP address.

High volume of SYN packets with very little variance in time: a steady stream of SYN segments arriving at a near-constant rate is characteristic of a SYN flood, a Denial of Service (DoS) attack in which many connection requests are sent so that the target exhausts its half-open connection resources.

SYN packets acknowledged from several source IP addresses: the same SYN pattern arriving from many different sources points to a Distributed Denial of Service (DDoS) attack, where multiple compromised hosts (a botnet) generate the traffic together.

Taken together, these two characteristics indicate that the network is under a SYN flood or DDoS attack whose aim is to exhaust the target's resources and disrupt service availability.
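As an added example (not part of the question or its suggested answer), the following Python check quantifies the two indicators above over constructed packet records that stand in for rows of a pcap: how regular the SYN inter-arrival timing to one destination is, and how many distinct sources the SYNs come from. The addresses, timings and thresholds are constructed placeholders, not values from the exhibit.

```python
import statistics

# Constructed packet rows standing in for pcap entries: (time_s, src_ip, dst_ip, tcp_flags).
# Documentation-range addresses are placeholders, not values from the exhibit.
TARGET = "203.0.113.5"
# Flood: 12 pure SYNs at a machine-steady 10 ms spacing from 5 different sources.
FLOOD = [(i * 0.010, f"198.51.100.{10 + i % 5}", TARGET, "S") for i in range(12)]
# Normal: one client opening three connections seconds apart, handshakes completing.
NORMAL = [
    (0.00, "192.0.2.7", TARGET, "S"), (0.03, TARGET, "192.0.2.7", "SA"),
    (0.06, "192.0.2.7", TARGET, "A"),
    (4.20, "192.0.2.7", TARGET, "S"), (4.23, TARGET, "192.0.2.7", "SA"),
    (4.26, "192.0.2.7", TARGET, "A"),
    (9.80, "192.0.2.7", TARGET, "S"),
]


def syn_indicators(packets, dst_ip, min_syns=8, max_gap_cv=0.5, min_sources=3):
    """Measure the two suggested-answer indicators for SYNs sent to dst_ip.

    Volume and timing: count of pure-SYN segments and the coefficient of variation
    (stdev / mean) of their inter-arrival gaps; a CV near zero means the SYNs arrive
    at a constant rate rather than at the irregular pace of real clients.
    Source spread: number of distinct source IPs behind those SYNs.
    Thresholds are illustrative constructed values, not figures from the question.
    """
    syn_rows = [(t, s) for t, s, d, f in packets if d == dst_ip and f == "S"]
    times = sorted(t for t, _ in syn_rows)
    gaps = [b - a for a, b in zip(times, times[1:])]
    mean_gap = statistics.mean(gaps) if gaps else 0.0
    gap_cv = statistics.pstdev(gaps) / mean_gap if gaps and mean_gap > 0 else 0.0
    sources = {s for _, s in syn_rows}
    return {
        "syn_count": len(times),
        "gap_cv": round(gap_cv, 3),
        "distinct_sources": len(sources),
        "steady_high_volume": len(times) >= min_syns and gap_cv <= max_gap_cv,
        "many_sources": len(sources) >= min_sources,
    }


def is_syn_flood_pattern(packets, dst_ip):
    """True only when both indicators from the suggested answer hold at once."""
    r = syn_indicators(packets, dst_ip)
    return r["steady_high_volume"] and r["many_sources"]


if __name__ == "__main__":
    for label, pkts in (("flood", FLOOD), ("normal", NORMAL)):
        print(label, syn_indicators(pkts, TARGET), is_syn_flood_pattern(pkts, TARGET))
```

Against real captures the same logic applies to the SYN rows exported from Wireshark (filter `tcp.flags.syn==1 && tcp.flags.ack==0`), with the thresholds tuned to the service's normal connection rate.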

Contribute your Thoughts:

Cherry
2 days ago
I believe another important element to consider is the high volume of SYN packets with very little variance in time.
upvoted 0 times
Carla
7 days ago
Intrusion analysis? More like 'Infusion' analysis, am I right? *wink wink*
upvoted 0 times
Xochitl
8 days ago
Whoa, these options are like a buffet of cybersecurity goodness! I'm getting hungry just thinking about it.
upvoted 0 times
Lizbeth
1 day ago
B) High volume of SYN packets with very little variance in time
upvoted 0 times
Bobbye
3 days ago
A) Variable 'info' field and unchanging sequence number
upvoted 0 times
Denise
13 days ago
I agree with Shenika. Those two elements can provide valuable information in analyzing the pcap file.
upvoted 0 times
Shenika
20 days ago
I think the key elements to consider are the variable 'info' field and unchanging sequence number.
upvoted 0 times
Kristin
22 days ago
The 'identical length' and 'window size' clues definitely stand out to me. Gotta be option C!
upvoted 0 times
Carey
6 days ago
I think we should also look at option D, SYN packets acknowledged from several source IP addresses.
upvoted 0 times
Carrol
16 days ago
I agree, option C seems like a key element to consider.
upvoted 0 times