312-50V13 Question #320: Real Exam Question with Answer & Explanation
The correct answer is B: Obfuscating.
Question
Kevin, a professional hacker, wants to penetrate CyberTech Inc.'s network. He employed a technique in which he encoded packets with Unicode characters. The company's IDS cannot recognize the packets, but the target web server can decode them. What is the technique used by Kevin to evade the IDS?
Options
- A. Desynchronization
- B. Obfuscating
- C. Session splicing
- D. Urgency flag
Explanation
Obfuscating (B) is correct because it involves transforming attack payload data into an alternate representation - in this case, encoding packets using Unicode characters - so that the IDS cannot recognize malicious content, while the target system can still decode and process it normally. This technique essentially "disguises" the attack traffic in a format the IDS doesn't understand.
Why the distractors are wrong:
- Desynchronization (A) is an IDS evasion technique that manipulates TCP sequence numbers to confuse the IDS about the true state of a session - it has nothing to do with character encoding.
- Session splicing (C) involves splitting attack payloads across multiple packets so the IDS misses the full attack pattern when reassembling - again, unrelated to encoding characters.
- Urgency flag (D) exploits the TCP URG flag to point the IDS to irrelevant data while the real payload is processed by the target - this is a pointer manipulation trick, not encoding.
Memory Tip
Think of "Obfuscating" as "disguising in costume" - just like a person in costume can still be recognized by someone who knows them (the web server), but fools a stranger (the IDS). Whenever you see Unicode, encoding, or character manipulation in an IDS evasion question, that's your signal to choose Obfuscating.