CompTIA
SY0-501 · Question #14
SY0-501 Question #14: Real Exam Question with Answer & Explanation
The correct answer is B: The source IP of the attack is coming from 250.19.18.71. The IPS output reveals that the attack originated from the IP address 250.19.18.71 and involved a malformed IGAP packet, which triggered the security alert.
Submitted by ngozi_ng · Mar 4, 2026
Question
A security analyst is reviewing the following output from an IPS: Given this output, which of the following can be concluded? (Select TWO).
Options
- A. The source IP of the attack is coming from 250.19.18.22.
- B. The source IP of the attack is coming from 250.19.18.71.
- C. The attacker sent a malformed IGAP packet, triggering the alert.
- D. The attacker sent a malformed TCP packet, triggering the alert.
- E. The TTL value is outside of the expected range, triggering the alert.
Explanation
The IPS output reveals that the attack originated from the IP address 250.19.18.71 and involved a malformed IGAP packet, which triggered the security alert.
Common mistakes.
- A. The IPS output would show 250.19.18.71, not 250.19.18.22, as the source IP address of the attack.
- D. The IPS alert specifies IGAP as the affected protocol; therefore, the attacker did not send a malformed TCP packet in this particular instance.
- E. The IPS alert describes a 'malformed IGAP packet' as the trigger, not an unexpected TTL value, which is a distinct type of network anomaly.
Concept tested. Analyzing network intrusion logs for attack details