A security analyst has received the following alert snippet from the HIDS appliance: PROTOCOL SIG SRC. PORT DST. PORT TCP XMAS SCAN 192.168.1.1:1091 192.168.1.2:8891 TCP XMAS SCAN 192.168.1.1:649 192.168.1.2:9001 TCP XMAS SCAN 192.168.1.1:2264 192.168.1.2:6455 TCP XMAS SCAN 192.168.1.1:3464 192.168.1.2:8744 Given the above logs, which of the following is the cause of the attack?

Correct Answer is : FIN, URG, and PSH flags are set in the packet header

The TCP ports on destination are all open

FIN, URG, and PSH flags are set in the packet header

TCP MSS is configured improperly

There is improper Layer 2 segmentation

Comp TIA Security + Certification Questions Part 2

Question : 25 of 60

Marks: +1, -0

A security analyst has received the following alert snippet from the HIDS appliance:

`PROTOCOL`	`SIG`	`SRC. PORT`	`DST. PORT`
`TCP`	`XMAS SCAN`	`192.168.1.1:1091`	`192.168.1.2:8891`
`TCP`	`XMAS SCAN`	`192.168.1.1:649`	`192.168.1.2:9001`
`TCP`	`XMAS SCAN`	`192.168.1.1:2264`	`192.168.1.2:6455`
`TCP`	`XMAS SCAN`	`192.168.1.1:3464`	`192.168.1.2:8744`

Given the above logs, which of the following is the cause of the attack?

Go to Question:

Prev Question

Next Question