Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-49v10 All Questions

View all questions & answers for the 312-49v10 exam
Go to Exam

Exam 312-49v10 topic 1 question 679 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 679
Topic #: 1
[All 312-49v10 Questions]

Recently, an internal web app that a government agency utilizes has become unresponsive. Betty, a network engineer for the government agency, has been tasked to determine the cause of the web application's unresponsiveness. Betty launches Wireshark and begins capturing the traffic on the local network. While analyzing the results, Betty noticed that a syn flood attack was underway. How did Betty know a syn flood attack was occurring?

  • A. Wireshark capture does not show anything unusual and the issue is related to the web application
  • B. Wireshark capture shows multiple ACK requests and SYN responses from single/multiple IP address(es)
  • C. Wireshark capture shows multiple SYN requests and RST responses from single/multiple IP address(es)
  • D. Wireshark capture shows multiple SYN requests and ACK responses from single/multiple IP address(es)
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by 581777a at Aug. 23, 2023, 9:55 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Elb
5 months, 2 weeks ago
The malicious entity sends a barrage of SYN requests to a target server but intentionally avoids sending the final ACK. This leaves the server waiting for a response that never comes, consuming resources for each of these half-open connections.
upvoted 1 times
...
Elb
6 months ago
Selected Answer: C
SYN flooding is a type of Denial-of-Service (DoS) attack in which the attacker sends large number of SYN packets repeatedly to the target server using multiple spoofed IP addresses that never return an ACK packet, thus keeping the server busy and rendering it unresponsive
upvoted 1 times
...
Elb
7 months ago
Selected Answer: C
https://kb.mazebolt.com/knowledgebase/rst-syn-flood/
upvoted 1 times
...
581777a
1 year, 3 months ago
Selected Answer: C
C. Wireshark capture shows multiple SYN requests and RST responses from single/multiple IP address(es) In a SYN flood attack, the attacker sends a large number of SYN (synchronization) requests to a target server, often with spoofed IP addresses, in an attempt to overwhelm the server's resources and cause it to become unresponsive. When analyzing traffic using Wireshark, you might notice multiple SYN requests followed by RST (reset) responses. This is because the target server sends RST responses to the incoming SYN requests to indicate that it is not able to establish a full connection due to the flood of incoming SYN requests. This behavior is a characteristic sign of a SYN flood attack.
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel