In analyzing a suspected SYN flood, which filter shows packets that have both SYN and ACK flags set?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the TestOut Labs Test. Interactive quizzes and flashcards with insights and tips for a comprehensive review. Ace your exam!

Multiple Choice

In analyzing a suspected SYN flood, which filter shows packets that have both SYN and ACK flags set?

Explanation:
Understanding TCP flags and how they map to the handshake helps you spot what’s happening in the traffic. A packet that has both SYN and ACK set is a SYN-ACK, which is the server’s response to a client’s initial SYN during the TCP three-way handshake. This makes it the exact filter you’d use to identify those handshake reply packets in analysis, especially when investigating a SYN flood where many SYNs are sent and the corresponding acknowledgments may be delayed or missing. The other flags point to different events: a packet with neither flag is typically plain data or other control activity, a packet with FIN indicates connection termination, and a packet with PSH signals immediate data pushing. Those don’t specifically represent the handshake response, so they don’t match the scenario described.

Understanding TCP flags and how they map to the handshake helps you spot what’s happening in the traffic. A packet that has both SYN and ACK set is a SYN-ACK, which is the server’s response to a client’s initial SYN during the TCP three-way handshake. This makes it the exact filter you’d use to identify those handshake reply packets in analysis, especially when investigating a SYN flood where many SYNs are sent and the corresponding acknowledgments may be delayed or missing.

The other flags point to different events: a packet with neither flag is typically plain data or other control activity, a packet with FIN indicates connection termination, and a packet with PSH signals immediate data pushing. Those don’t specifically represent the handshake response, so they don’t match the scenario described.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy