EC-Council

312-50V13 Question #156: Real Exam Question with Answer & Explanation

The correct answer is B: Attacker floods TCP SYN packets with random source addresses towards a victim host. A TCP SYN attack exploits the three-way handshake by flooding a target with SYN packets from spoofed source IP addresses, causing the target's connection queue to fill up while waiting for non-existent ACKs.

Submitted by ngozi_ng · Mar 6, 2026 · Denial-of-Service

Question

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN/ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN/ACK. How would an attacker exploit this design by launching a TCP SYN attack?

Options

  • A. Attacker generates TCP SYN packets with random destination addresses towards a victim host
  • B. Attacker floods TCP SYN packets with random source addresses towards a victim host
  • C. Attacker generates TCP ACK packets with random source addresses towards a victim host
  • D. Attacker generates TCP RST packets with random source addresses towards a victim host

Explanation

A TCP SYN attack exploits the three-way handshake by flooding a target with SYN packets from spoofed source IP addresses, causing the target's connection queue to fill up while waiting for non-existent ACKs.

Common mistakes.

  • A. Generating TCP SYN packets with random destination addresses would spread the attack across many potential targets, rather than focusing on overwhelming a single victim's connection queue effectively.
  • C. Generating TCP ACK packets from random source addresses would not initiate connections or fill the SYN queue, as ACK packets are part of an already established or expected connection, and systems typically drop ACKs without a prior SYN.
  • D. Generating TCP RST packets would terminate existing connections, not exploit the SYN queue or initiate a denial-of-service attack based on the three-way handshake.

Concept tested. TCP SYN Flood attack

Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/ddos-protection-overview
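
A defender-side check for the condition described above, as an added example that is not part of the original page: it counts half-open (SYN-RECV) entries per listener in `ss -tan`-style output and flags listeners where those entries are numerous and come from almost entirely distinct source addresses. The sample rows, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict


def constructed_sample():
    """Constructed rows in the column layout of `ss -tan` (not a real capture).
    All addresses come from documentation ranges."""
    rows = [
        "State Recv-Q Send-Q Local Address:Port Peer Address:Port",
        "LISTEN 0 128 0.0.0.0:443 0.0.0.0:*",
        "ESTAB 0 0 192.0.2.10:443 198.51.100.7:51512",
    ]
    # 40 handshakes stuck waiting for the final ACK, each from a different source.
    rows += [f"SYN-RECV 0 0 192.0.2.10:443 203.0.113.{i}:{40000 + i}"
             for i in range(1, 41)]
    # A few half-open entries from one client: ordinary slowness, not a flood.
    rows += [f"SYN-RECV 0 0 192.0.2.10:22 198.51.100.9:{50000 + i}"
             for i in range(3)]
    return "\n".join(rows)


def half_open_by_listener(ss_text):
    """Map each local addr:port to the peer IPs currently in SYN-RECV."""
    peers = defaultdict(list)
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue  # header, LISTEN, ESTAB and other states are ignored
        local, peer = fields[3], fields[4]
        peers[local].append(peer.rsplit(":", 1)[0])  # strip the peer port
    return peers


def suspected_syn_floods(ss_text, min_half_open=30, min_unique_ratio=0.9):
    """Return (listener, half_open_count, unique_source_ratio) for listeners
    whose pending handshakes are many and almost all from different sources.
    Both thresholds are assumed values and need tuning per host."""
    findings = []
    for local, ips in sorted(half_open_by_listener(ss_text).items()):
        ratio = len(set(ips)) / len(ips)
        if len(ips) >= min_half_open and ratio >= min_unique_ratio:
            findings.append((local, len(ips), round(ratio, 2)))
    return findings


if __name__ == "__main__":
    for listener, count, ratio in suspected_syn_floods(constructed_sample()):
        print(f"{listener}: {count} half-open, {ratio:.0%} unique sources")
```
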

Topics

#TCP handshake #SYN flood #Denial-of-Service #packet spoofing
