312-50V12 Question #227: Real Exam Question with Answer & Explanation
The correct answer is C: RST hijacking.
Question
A security analyst is investigating a potential network-level session hijacking incident. During the investigation, the analyst finds that the attacker has been using a technique in which they injected an authentic-looking reset packet using a spoofed source IP address and a guessed acknowledgment number. As a result, the victim's connection was reset. Which of the following hijacking techniques has the attacker most likely used?
Options
- A. Blind hijacking
- B. UDP hijacking
- C. RST hijacking
- D. TCP/IP hijacking
Explanation
The question describes an attacker injecting a spoofed reset packet with a guessed acknowledgment number to terminate a victim's connection, which is a specific form of session hijacking.
Common mistakes.
- A. Blind hijacking refers to a scenario where the attacker can inject data into a session but cannot see the responses from the target, which is not the primary technique described here.
- B. UDP hijacking is not applicable because UDP is a connectionless protocol and does not utilize RST packets to terminate sessions.
- D. TCP/IP hijacking is a broad category of attacks that includes various methods; RST hijacking is a more specific and accurate term for the technique described, which explicitly involves RST packets.
Concept tested. TCP RST packet injection for session termination
Reference. https://learn.microsoft.com/en-us/windows/win32/winsock/tcp-reset-attacks