NSE4 Question #365: Real Exam Question with Answer & Explanation
The correct answer is D: The attacker starts many connections, but never acknowledges to fully form them.
Question
Which best describes the mechanism of a TCP SYN flood?
Options
- A. The attacker keeps open many connections with slow data transmission so that other clients
- B. The attacker sends a packet designed to "sync" with the FortiGate.
- C. The attacker sends a specially crafted malformed packet, intended to crash the target by
- D. The attacker starts many connections, but never acknowledges to fully form them.
Explanation
A TCP SYN flood is a denial-of-service attack where an attacker rapidly sends many TCP SYN requests to a target but never completes the handshake, exhausting the target's connection resources.
Common mistakes.
- A. This describes a "slowloris" or similar slow HTTP/connection-based attack, not a SYN flood.
- B. While SYN packets are part of the attack, simply sending one "sync" packet does not constitute a SYN flood; the attack involves a flood of unacknowledged SYN packets.
- C. Sending a specially crafted malformed packet is characteristic of a malformed packet attack or buffer overflow attempt, not specifically a SYN flood.
Concept tested. TCP SYN flood attack mechanism
Reference. https://docs.fortinet.com/document/fortigate/7.4.0/fortios-handbook/475176/syn-proxy-and-ack-proxy