nerdexam
Cisco

352-001 · Question #508

What information can you get from TCP flags while assessing an attack?

The correct answer is A. Type of attack. TCP flags reveal the type of attack being conducted by indicating connection state manipulation patterns such as SYN floods, null scans, or XMAS attacks.

Designing Security

Question

What information can you get from TCP flags while assessing an attack?

Options

  • AType of attack
  • BTarget of the attack
  • CPriority of the attack traffic
  • DSource of the attack

How the community answered

(63 responses)
  • A
    92% (58)
  • B
    5% (3)
  • C
    2% (1)
  • D
    2% (1)

Why each option

TCP flags reveal the type of attack being conducted by indicating connection state manipulation patterns such as SYN floods, null scans, or XMAS attacks.

AType of attackCorrect

TCP control flags (SYN, ACK, FIN, RST, PSH, URG) define the state and intent of a TCP segment. Unusual or malformed flag combinations - such as all flags set (XMAS scan), no flags set (null scan), or excessive SYN packets without ACK (SYN flood) - directly indicate the category and technique of the attack being performed.

BTarget of the attack

TCP flags do not identify the target; the destination IP address in the IP header identifies the target.

CPriority of the attack traffic

Traffic priority is determined by DSCP or IP precedence fields in the IP header, not TCP flags.

DSource of the attack

The source of an attack is identified by the source IP address field, not TCP flags, and even then source IPs can be spoofed.

Concept tested: TCP flag analysis for attack type identification

Source: https://www.cisco.com/c/en/us/about/security-center/network-attacks.html

Topics

#TCP flags#attack analysis#traffic analysis#intrusion detection

Community Discussion

No community discussion yet for this question.

Full 352-001 Practice