Systems Security Certified Practitioner – SSCP – Question0827
A packet containing a long string of NOP's followed by a command is usually indicative of what? A. A syn scan. B. A half-port scan. C. A buffer overflow attack. D. A packet destined for the network's broadcast address.
Correct Answer: C
Explanation:
A series of the same control, hexidecimal, characters imbedded in the string is usually an indicator of a buffer overflow attack. A NOP is a instruction which does nothing (No Operation -the hexadecimal equivalent is 0x90)
The following answers are incorrect:
A syn scan. This is incorrect because a SYN scan is when a SYN packet is sent to a specific port and the results are then analyzed.
A half-port scan. This is incorrect because the port scanner generates a SYN packet. If the target port is open, it will respond with a SYN-ACK packet. The scanner host responds with a RST packet, closing the connection before the handshake is completed. Also known as a Half Open Port scan.
A packet destined for the network’s broadcast address. This is incorrect because this type of packet would not contain a long string of NOP characters.
Please disable your adblocker or whitelist this site!