Which of the following is MOST likely happening to the server?

CAS-004 V3 0 Comments

Users are claiming that a web server is not accessible. A security engineer logs for the site.

The engineer connects to the server and runs netstat -an and receives the following output:


Which of the following is MOST likely happening to the server?
A . Port scanning
B. ARP spoofing
C. Buffer overflow
D. Denial of service

Answer: D

Explanation:

A denial of service (DoS) attack is a malicious attempt to disrupt the normal functioning of a server by overwhelming it with requests or traffic1. One possible indicator of a DoS attack is a large number of connections from a single source IP address1. In this case, the output of netstat -an shows that there are many connections from 213.37.55.67 with different port numbers and in TIME WAIT state23. This suggests that the attacker is sending many SYN packets to initiate connections but not completing them, thus exhausting the server’s resources and preventing legitimate users from accessing it1.

Latest CAS-004 Dumps Valid Version with 128 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CAS-004 PDF     CAS-004 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments