ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v13 All Questions

View all questions & answers for the 312-50v13 exam
Go to Exam

Exam 312-50v13 topic 1 question 58 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 58
Topic #: 1
[All 312-50v13 Questions]

Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used in the company. He employed a technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust the network resources.
What is the attack technique used by Jude for finding loopholes in the above scenario?

  • A. Spoofed session flood attack
  • B. UDP flood attack
  • C. Peer-to-peer attack
  • D. Ping-of-death attack
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by NikoTomas at March 10, 2025, 11:24 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NikoTomas
1 month, 1 week ago
Selected Answer: A
Correct: A A spoofed session flood is a form of DDoS (Distributed Denial of Service) attack where an attacker overwhelms a system by creating fake sessions that mimic legitimate user interactions. By manipulating session data to look like valid communication, the attacker floods the system with these fake requests, consuming resources and potentially causing the application to become unresponsive or leading to unauthorized access. This type of attack exploits weaknesses in session management and network traffic monitoring, making it difficult to detect and mitigate. Attackers can submit a fake SYN packet (used to initiate a TCP connection), followed by multiple ACK packets (which acknowledge the receipt of data), and at least one RST (reset) or FIN (connection termination) packet. By crafting these packets, they mimic a genuine TCP session, tricking security systems into believing the communication is legitimate. https://www.indusface.com/learning/spoofed-session-flood-attack/
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago