Valid 212-82 Dumps shared by ExamDiscuss.com for Helping Passing 212-82 Exam! ExamDiscuss.com now offer the newest 212-82 exam dumps, the ExamDiscuss.com 212-82 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 212-82 dumps with Test Engine here:
An attacker with malicious intent used SYN flooding technique to disrupt the network and gain advantage over the network to bypass the Firewall. You are working with a security architect to design security standards and plan for your organization. The network traffic was captured by the SOC team and was provided to you to perform a detailed analysis. Study the Synflood.pcapng file and determine the source IP address. Note: Synflood.pcapng file is present in the Documents folder of Attacker-1 machine.
Correct Answer: B
20.20.10.19 is the source IP address of the SYN flooding attack in the above scenario. SYN flooding is a type of denial-of-service (DoS) attack that exploits the TCP (Transmission Control Protocol) three-way handshake process to disrupt the network and gain advantage over the network to bypass the firewall. SYN flooding sends a large number of SYN packets with spoofed source IP addresses to a target server, causing it to allocate resources and wait for the corresponding ACK packets that never arrive. This exhausts the server's resources and prevents it from accepting legitimate requests . To determine the source IP address of the SYN flooding attack, one has to follow these steps: Navigate to the Documents folder of Attacker-1 machine. Double-click on Synflood.pcapng file to open it with Wireshark. Click on Statistics menu and select Conversations option. Click on TCP tab and sort the list by Bytes column in descending order. Observe the IP address that has sent the most bytes to 20.20.10.26 (target server). The IP address that has sent the most bytes to 20.20.10.26 is 20.20.10.19 , which is the source IP address of the SYN flooding attack.
