Cisco Exam 200-201 Topic 4 Question 87 Discussion

Actual exam question for Cisco's 200-201 exam
Question #: 87
Topic #: 4

A user reports difficulties accessing certain external web pages. When an engineer examines traffic to and from the external domain in full packet captures, they notice that many SYNs have the same sequence number, source, and destination IP address, but they have different payloads. What is causing this situation?

Suggested Answer: A

TCP injection is an attack where the attacker sends crafted packets into an existing TCP session. These packets appear to be part of the session.

The presence of many SYN packets with the same sequence number, source, and destination IP but different payloads indicates that an attacker might be injecting packets into the session.

This method can be used to disrupt communication, inject malicious commands, or manipulate the data being transmitted.
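
The capture pattern described above can be checked mechanically. The following is an added example, not part of the original page: it parses raw IPv4/TCP packets (assumed to have no link-layer header) and reports SYNs that share source, destination and sequence number but carry different payloads. All addresses, ports and payloads are constructed.

```python
import struct
from collections import defaultdict

SYN = 0x02

def parse_ipv4_tcp(pkt):
    """Return (src, dst, seq, flags, payload), or None if not a sane IPv4/TCP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 20:
        return None
    total_len = struct.unpack("!H", pkt[2:4])[0]
    seq = struct.unpack("!I", pkt[ihl + 4:ihl + 8])[0]
    data_off = (pkt[ihl + 12] >> 4) * 4
    if data_off < 20:
        return None
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    return src, dst, seq, pkt[ihl + 13], pkt[ihl + data_off:total_len]

def find_conflicting_syns(packets):
    """Map (src, dst, seq) -> payload set for SYNs seen with more than one distinct payload."""
    seen = defaultdict(set)
    for raw in packets:
        parsed = parse_ipv4_tcp(raw)
        if parsed and parsed[3] & SYN:
            seen[parsed[:3]].add(parsed[4])
    # An ordinary retransmitted SYN repeats the same payload, so its set has size 1.
    return {key: payloads for key, payloads in seen.items() if len(payloads) > 1}

def build(src, dst, seq, flags, payload=b""):
    """Constructed sample packet: minimal IPv4 + TCP headers, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 5 << 4, flags, 1024, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp

# Constructed capture (documentation address ranges, made-up payloads).
SAMPLE = [
    build("192.0.2.10", "198.51.100.7", 1000, SYN),               # normal SYN
    build("192.0.2.10", "198.51.100.7", 1000, SYN),               # identical retransmission
    build("192.0.2.10", "198.51.100.7", 5000, SYN, b"payload-1"),
    build("192.0.2.10", "198.51.100.7", 5000, SYN, b"payload-2"),
    build("192.0.2.10", "198.51.100.7", 5000, SYN, b"payload-3"),
    build("192.0.2.10", "198.51.100.7", 5001, 0x18, b"data"),     # PSH+ACK, not a SYN
]

if __name__ == "__main__":
    for (src, dst, seq), payloads in find_conflicting_syns(SAMPLE).items():
        print(f"{src} -> {dst} seq={seq}: {len(payloads)} distinct SYN payloads")
```
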



Contribute your Thoughts:

Herschel
11 months ago
Oh great, now the hackers are getting creative with their payload variation. I feel for the engineer trying to sort this mess out. TCP injection for the win!
upvoted 0 times
Lonna
10 months ago
The engineer has their work cut out for them trying to figure this out.
upvoted 0 times
...
Thersa
10 months ago
The engineer has their work cut out for them trying to figure this out.
upvoted 0 times
...
Francoise
10 months ago
Yeah, those hackers are really stepping up their game.
upvoted 0 times
...
Sanda
10 months ago
Yeah, those hackers are really stepping up their game.
upvoted 0 times
...
Ashlyn
10 months ago
This looks like a case of TCP injection.
upvoted 0 times
...
Ivette
10 months ago
This looks like a case of TCP injection.
upvoted 0 times
...
...
Lili
11 months ago
I bet the network admin is wondering if they should have invested in a better packet capture solution. But hey, at least they're getting some excitement in their day. A is the way to go.
upvoted 0 times
...
Margo
11 months ago
Insufficient network resources? Come on, this is clearly a security issue. TCP injection all the way, folks.
upvoted 0 times
...
Adelina
11 months ago
Hmm, the varying payloads make me think it's not a misconfigured web filter. Gotta be some kind of malicious activity going on. A for sure.
upvoted 0 times
Bulah
10 months ago
Yeah, I think so too. It's probably some kind of malicious activity going on.
upvoted 0 times
...
Leonida
10 months ago
I agree, the varying payloads seem suspicious. Definitely sounds like TCP injection.
upvoted 0 times
...
Isadora
10 months ago
Definitely, it's probably TCP injection causing the issue.
upvoted 0 times
...
Kanisha
11 months ago
I think we should investigate further to confirm if it's a TCP injection.
upvoted 0 times
...
Marleen
11 months ago
Yeah, the same sequence number and different payloads definitely point to malicious activity.
upvoted 0 times
...
Candida
11 months ago
I agree, those varying payloads seem suspicious.
upvoted 0 times
...
Antonio
11 months ago
I agree, it seems like some kind of TCP injection is happening.
upvoted 0 times
...
...
Amie
11 months ago
This sounds like a classic TCP injection attack. The different payloads suggest the attacker is trying to bypass security measures. I'd go with option A.
upvoted 0 times
Twana
11 months ago
Maybe the web filter is misconfigured and allowing these packets through. Option B could also be a possibility.
upvoted 0 times
...
Ben
11 months ago
Yes, option A makes the most sense in this situation.
upvoted 0 times
...
Deonna
11 months ago
I agree, it does seem like a TCP injection attack. Option A is the most likely cause.
upvoted 0 times
...
Ashlee
11 months ago
I agree, it does seem like a TCP injection attack.
upvoted 0 times
...
...
