
Cisco Exam 200-201 Topic 4 Question 87 Discussion

Actual exam question for Cisco's 200-201 exam
Question #: 87
Topic #: 4

A user reports difficulties accessing certain external web pages. When an engineer examines traffic to and from the external domain in full packet captures, they notice that many SYNs have the same sequence number, source, and destination IP address, but they have different payloads. What is causing this situation?

Suggested Answer: A

TCP injection is an attack where the attacker sends crafted packets into an existing TCP session. These packets appear to be part of the session.

The presence of many SYN packets with the same sequence number, source, and destination IP but different payloads indicates that an attacker might be injecting packets into the session.

This method can be used to disrupt communication, inject malicious commands, or manipulate the data being transmitted.
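The indicator described in the question can be checked mechanically in a capture. The following is an added example, not part of the original page: it parses raw IPv4/TCP packets and reports SYNs that share source, destination, and sequence number but carry different payloads. The function names, the inclusion of ports in the grouping key, and the sample packets are assumptions made for illustration.

```python
import struct, socket
from collections import defaultdict

SYN = 0x02  # TCP SYN flag bit

def parse_ipv4_tcp(pkt: bytes):
    """Return (src, dst, sport, dport, seq, flags, payload), or None if not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]   # IP total length
    if len(pkt) < ihl + 20:
        return None
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport, seq = struct.unpack("!HHI", pkt[ihl:ihl + 8])
    data_off = (pkt[ihl + 12] >> 4) * 4            # TCP header length in bytes
    return src, dst, sport, dport, seq, pkt[ihl + 13], pkt[ihl + data_off:total_len]

def find_conflicting_syns(packets):
    """Group SYNs by (src, dst, sport, dport, seq); keep groups with >1 distinct payload."""
    seen = defaultdict(set)
    for pkt in packets:
        rec = parse_ipv4_tcp(pkt)
        if rec is None:
            continue
        *key, flags, payload = rec
        if flags & SYN:
            seen[tuple(key)].add(payload)
    # A plain retransmission repeats the same bytes, so it never yields two payloads.
    return {k: v for k, v in seen.items() if len(v) > 1}

def build(src, dst, sport, dport, seq, flags, payload=b""):
    """Construct a minimal IPv4/TCP packet (checksums left zero; sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

# Constructed sample capture: documentation address ranges, made-up ports and sequence numbers.
SAMPLE = [
    build("192.0.2.10", "198.51.100.5", 40000, 80, 1000, SYN, b"GET /a"),
    build("192.0.2.10", "198.51.100.5", 40000, 80, 1000, SYN, b"GET /b"),  # same seq, new payload
    build("192.0.2.10", "198.51.100.5", 40000, 80, 1000, SYN, b"GET /a"),  # plain retransmit
    build("192.0.2.10", "198.51.100.5", 40001, 80, 2000, SYN),             # ordinary SYN
]

if __name__ == "__main__":
    for key, payloads in find_conflicting_syns(SAMPLE).items():
        print(key, sorted(payloads))
```

Only the first flow is reported; the identical retransmit and the ordinary empty SYN are not flagged.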



Contribute your Thoughts:

Herschel
1 year ago
Oh great, now the hackers are getting creative with their payload variation. I feel for the engineer trying to sort this mess out. TCP injection for the win!
upvoted 0 times
Lonna
11 months ago
The engineer has their work cut out for them trying to figure this out.
upvoted 0 times
...
Thersa
12 months ago
The engineer has their work cut out for them trying to figure this out.
upvoted 0 times
...
Francoise
12 months ago
Yeah, those hackers are really stepping up their game.
upvoted 0 times
...
Sanda
12 months ago
Yeah, those hackers are really stepping up their game.
upvoted 0 times
...
Ashlyn
12 months ago
This looks like a case of TCP injection.
upvoted 0 times
...
Ivette
12 months ago
This looks like a case of TCP injection.
upvoted 0 times
...
...
Lili
1 year ago
I bet the network admin is wondering if they should have invested in a better packet capture solution. But hey, at least they're getting some excitement in their day. A is the way to go.
upvoted 0 times
...
Margo
1 year ago
Insufficient network resources? Come on, this is clearly a security issue. TCP injection all the way, folks.
upvoted 0 times
...
Adelina
1 year ago
Hmm, the varying payloads make me think it's not a misconfigured web filter. Gotta be some kind of malicious activity going on. A for sure.
upvoted 0 times
Bulah
12 months ago
Yeah, I think so too. It's probably some kind of malicious activity going on.
upvoted 0 times
...
Leonida
1 year ago
I agree, the varying payloads seem suspicious. Definitely sounds like TCP injection.
upvoted 0 times
...
Isadora
1 year ago
Definitely, it's probably TCP injection causing the issue.
upvoted 0 times
...
Kanisha
1 year ago
I think we should investigate further to confirm if it's a TCP injection.
upvoted 0 times
...
Marleen
1 year ago
Yeah, the same sequence number and different payloads definitely point to malicious activity.
upvoted 0 times
...
Candida
1 year ago
I agree, those varying payloads seem suspicious.
upvoted 0 times
...
Antonio
1 year ago
I agree, it seems like some kind of TCP injection is happening.
upvoted 0 times
...
...
Amie
1 year ago
This sounds like a classic TCP injection attack. The different payloads suggest the attacker is trying to bypass security measures. I'd go with option A.
upvoted 0 times
Twana
1 year ago
Maybe the web filter is misconfigured and allowing these packets through. Option B could also be a possibility.
upvoted 0 times
...
Ben
1 year ago
Yes, option A makes the most sense in this situation.
upvoted 0 times
...
Deonna
1 year ago
I agree, it does seem like a TCP injection attack. Option A is the most likely cause.
upvoted 0 times
...
Ashlee
1 year ago
I agree, it does seem like a TCP injection attack.
upvoted 0 times
...
...
