A security analyst observes a high volume of SYN flags from an unexpected source toward a web application server within one hour. The traffic is not flagging for any exploit signatures.
Which of the following scenarios best describes this activity?
A. A legitimate connection is continuously attempting to establish a connection with a downed web server.
B. A script kiddie is attempting to execute a DDoS through a ping flood attack.
C. An attacker is executing reconnaissance activities by mapping which ports are open and closed.
D. A web exploit attempt is likely occurring and the security analyst is not seeing it.
C. An attacker is executing reconnaissance activities by mapping which ports are open and closed.
Here's why:
The observed behavior—a high volume of SYN flags toward a web application server—is indicative of a SYN scan or a reconnaissance activity. In this scenario, the attacker is trying to gather information about the open ports on the target system.
upvoted 1 times
ada26b1
2 weeks, 6 days ago
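An added example, not part of the original question or comment: one way an analyst could tell apart the SYN patterns the answer options describe, by counting SYN-only packets per source within one hour and checking how many distinct destination ports they touch. The record layout, thresholds, labels and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not from the page):
# (epoch_seconds, src_ip, dst_ip, dst_port, tcp_flags)
SAMPLE = (
    # Source touching 200 different ports once each
    [(1000 + i, "203.0.113.50", "10.0.0.20", 1 + i, "S") for i in range(200)]
    # Source repeating SYNs to the same service
    + [(1000 + 3 * i, "198.51.100.7", "10.0.0.20", 443, "S") for i in range(200)]
    # Ordinary client: a handful of handshakes followed by ACKs
    + [(1000 + i, "192.0.2.10", "10.0.0.20", 443, "S") for i in range(5)]
    + [(1001 + i, "192.0.2.10", "10.0.0.20", 443, "A") for i in range(5)]
)


def classify_syn_sources(records, window=3600, min_syns=100, port_threshold=20):
    """Label sources that send a high volume of SYN-only packets.

    Only packets inside `window` seconds of the earliest record are counted.
    Thresholds are illustrative assumptions and need tuning per environment.
    """
    if not records:
        return {}
    start = min(r[0] for r in records)
    syn_count = defaultdict(int)
    targets = defaultdict(set)
    for ts, src, dst, dport, flags in records:
        if flags != "S" or ts - start >= window:
            continue  # skip non-SYN packets and anything outside the window
        syn_count[src] += 1
        targets[src].add((dst, dport))
    labels = {}
    for src, count in syn_count.items():
        if count < min_syns:
            continue  # below the "high volume" bar
        if len(targets[src]) >= port_threshold:
            labels[src] = "many-ports"      # consistent with port mapping
        else:
            labels[src] = "single-service"  # repeated SYNs to the same port(s)
    return labels


if __name__ == "__main__":
    for src, label in sorted(classify_syn_sources(SAMPLE).items()):
        print(src, label)
```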