nerdexam
GIAC

GPEN · Question #429

GPEN Question #429: Real Exam Question with Answer & Explanation

The correct answer is D. The devices at hops 10 and II did not return an "ICMP TTL Exceeded in Transit" message.. Asterisks at traceroute hops 10 and 11 indicate those devices did not return ICMP TTL Exceeded in Transit messages to the probing host.

Question

What is the most likely cause of the responses on lines 10 and 11 of the output below?

Options

  • AThe device at hop 10 silently drops UDP packets with a high destination port.
  • BThe device at hop 10 is down and not forwarding any requests at all.
  • CThe host running the tracer utility lost its network connection during the scan
  • DThe devices at hops 10 and II did not return an "ICMP TTL Exceeded in Transit" message.

Explanation

Asterisks at traceroute hops 10 and 11 indicate those devices did not return ICMP TTL Exceeded in Transit messages to the probing host.

Common mistakes.

  • A. Silently dropping UDP packets with a high destination port would affect only that one hop; the fact that both hops 10 and 11 are unresponsive is more consistent with an ICMP response policy than port-specific packet dropping.
  • B. A completely downed device at hop 10 would prevent all packets from being forwarded beyond it, yet the traceroute output shows responses past those hops, meaning packets are routing through but ICMP replies are suppressed.
  • C. A local network connection loss during the scan would cause all remaining subsequent hops to be unresponsive simultaneously, not just the isolated hops 10 and 11 visible in the output.

Concept tested. Traceroute ICMP TTL Exceeded message filtering and hop non-response

Reference. https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/tracert

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GPEN Practice