Question 70 of 76 from exam 350-201-CBRCOR: Performing CyberOps Using Cisco Security Technologies

Prev Question Next Question

Question

$5 Time Source Destination Fete Legh 1 0.000000 10.002 10.128.02 rer 3341 > 80 [SYN] Seq=0.Win=512 Ls 2 00003987 10.1280.2 10.002 Tee 5B. 023202 [SYNLAGK] Seaed. Ack=t "Wn=25200 Len=O MSS=1460 3 0.005514 — 10.12802 10.002 ep $80 -> 3341 [SYN ACK] Seq=0 Ack=1 Win=28200 Len=0 MSS=1460 4 00008423 10.0.02 1012802 Tp 543342 -> 80 [SYN] Seq=O Win=S12 Len=0 5 0.010233 1012802 100002 ep 5880 > 3220 [SYN, ACK] Seq=O Ack=1 Win=29200 Len=0 MSS=1460 6 0014072 10.1280 10.002 ep 5880 > 3342 [SYN. ACK] Seq=0_ Ach Len=0 MSS=1460 7 0.016830 10.002 1012802 ep 543343 > 80 [SYN] Seq=0 Win=512 800022220 10:128.02 10002 cp 588 > 3343 [SYN ACK] Seq= Act Len=0 90023496 1012802 10.002 ep 5880 > 3219 [SYN. ACK] Seq=0_ Ach Len=0 10 0.025243 10.002 1012802 ep 583344 > 80 [SYN] Seq=0 Wine 34 0.026672 10.1202 10.002 cp 5880 > 3218 [SYN, ACK] Seq=0 Len=0 MSS=1460 32 0.028038 10,128.02 100002 cp 5880» 3221 [SYN. ACK] Seq=0 Win=29200 Len=0 MSS=1460 33 0.030523 10.12802 10.002 ep 5880 -> 3344 [SYN, ACK] Seq=0 Win=29200 Len=0 MSS=1460 }> Frame 1 : 54 bytes on wire (32 bits), 54 bytes captured (492 bits) fo Ethernet 22, src:42:01:0a10:00:17 (42:01:08f0:00:17), Dst:42:01:0a:0:00:01 ($2.01:0810:00:01) J» internet Protocol version 4, src: 10.0.02, Dst: 10.128.02 H Transmission control protocol, Src Port: 3341, Dst Por: 80. Seq. 0. Len: 0 ‘Source port: 3341 Destination port: 0 [stream index: 0] [TCP Segment Len: 0}, ‘Sequence number: 0 (lative sequence number) {Next sequence number: 0 (elatne sequence number)) (0101... = Header Length: 20 bytes (5) Window size value: 512 [Calculated window size: $12] Checksum: Ox8d5a [umverfied] [Checksum Status: Unverified] Urgent pointer: 0 @ [Timestamps}$

Refer to the exhibit.

What is the threat in this Wireshark traffic capture?

Answers

A. A high rate of SYN packets being sent from multiple sources toward a single destination IP

B. A flood of ACK packets coming from a single source IP to multiple destination IPs

C. A high rate of SYN packets being sent from a single source IP toward multiple destination IPs

D. A flood of SYN packets coming from a single source IP to a single destination IP.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Prev Question Next Question