350-701 Question #79: Real Exam Question with Answer & Explanation

Question

Which two behavioral patterns characterize a ping of death attack? (Choose two.)

Options

• AThe attack is fragmented into groups of 16 octets before transmission.
• BThe attack is fragmented into groups of 8 octets before transmission.
• CShort synchronized bursts of traffic are used to disrupt TCP connections.
• DMalformed packets are used to crash systems.
• EPublicly accessible DNS servers are typically used to execute the attack.

Explanation

A ping of death attack works by sending an intentionally oversized ICMP packet (larger than the 65,535-byte IP maximum) to a target - this malformed packet causes vulnerable systems to crash, freeze, or reboot upon reassembly, making D correct. Because the oversized packet must travel across the network in pieces, IP fragmentation breaks it into chunks of 8 octets (64-bit boundary), confirming B as the second correct answer.

Why the distractors are wrong:

• A (16 octets) is incorrect - IP fragmentation offsets are measured in 8-octet units, not 16.
• C (short synchronized bursts disrupting TCP) describes a SYN flood attack, a completely different DoS technique targeting TCP handshakes.
• E (publicly accessible DNS servers) describes a DNS amplification attack, not ping of death.

Memory tip: Think "8 = ate (destroyed)" - the packet is chopped into 8-octet fragments that ate the target system when reassembled. If the answer involves malformed packets crashing systems, that's always ping of death territory.

No community discussion yet for this question.