nerdexam
Cisco

350-701 · Question #73

How is ICMP used an exfiltration technique?

The correct answer is C. by encrypting the payload in an ICMP packet to carry out command and control tasks on a. ICMP exfiltration involves using the ICMP protocol, typically the data portion of an echo-request or echo-reply packet, to encapsulate and transfer data or execute command and control instructions. Attackers embed sensitive information or commands within the ICMP payload, which i

Submitted by luis.pe· Mar 30, 2026

Question

How is ICMP used an exfiltration technique?

Exhibit

350-701 question #73 exhibit

Options

  • Aby flooding the destination host with unreachable packets
  • Bby sending large numbers of ICMP packets with a targeted hosts source IP address using an IP
  • Cby encrypting the payload in an ICMP packet to carry out command and control tasks on a
  • Dby overwhelming a targeted host with ICMP echo-request packets

How the community answered

(29 responses)
  • A
    3% (1)
  • B
    10% (3)
  • C
    66% (19)
  • D
    21% (6)

Why each option

ICMP exfiltration involves using the ICMP protocol, typically the data portion of an echo-request or echo-reply packet, to encapsulate and transfer data or execute command and control instructions. Attackers embed sensitive information or commands within the ICMP payload, which is often permitted through firewalls, making it an effective covert communication channel.

Aby flooding the destination host with unreachable packets

Flooding a destination host with unreachable packets is typically associated with Denial of Service (DoS) attacks, not data exfiltration.

Bby sending large numbers of ICMP packets with a targeted hosts source IP address using an IP

Sending large numbers of ICMP packets with a targeted host's source IP address is a form of spoofing or DoS, not a method for data exfiltration.

Cby encrypting the payload in an ICMP packet to carry out command and control tasks on aCorrect

ICMP exfiltration leverages the ICMP protocol to tunnel data, where attackers embed encrypted data or command and control instructions within the payload of ICMP packets, such as echo requests or replies. This technique is effective because ICMP traffic is often allowed through network perimeters, providing a covert channel for data transfer or remote control.

Dby overwhelming a targeted host with ICMP echo-request packets

Overwhelming a targeted host with ICMP echo-request packets (ping flood) is a classic Denial of Service (DoS) attack, not a method for data exfiltration.

Concept tested: ICMP exfiltration techniques

Source: https://www.cisco.com/c/en/us/about/security-center/network-security/icmp-tunneling.html

Topics

#ICMP exfiltration#Covert channels#Command and Control (C2)#Protocol misuse

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice