CompTIA CySA+ (CS0-003) — Question 339
An IDS is triggered during after-hours operations. The indicator records an abnormal amount of SYN requests being sent to port 21 from numerous external systems. A security analyst reports this information to the IR team for further investigation. Which of the following best describes this incident?
Answer options
- A. A sniff attack through the DNS port
- B. A buffer overflow attack through the Telnet port
- C. A reconnaissance attack through the SSH port
- D. A DDoS attack through the FTP port
Correct answer: D
Explanation
The scenario describes a Distributed Denial of Service (DDoS) attack against the FTP port (21): the abnormal volume of SYN requests suggests an attempt to overwhelm the service, and the fact that they come from numerous external systems is what makes the attack distributed. Options A, B, and C do not fit the observed behavior, which is a flood of SYN packets to port 21 rather than sniffing, a buffer overflow, or reconnaissance, and they name the DNS, Telnet, and SSH ports rather than FTP.