CompTIA Network+ (N10-007) — Question 606

The help desk is receiving reports of intermittent connections to a server. A help desk technician suspects the server is unable to establish a three-way handshake due to a DoS attack. Which of the following commands should a network administrator use to confirm the help desk technician's claim?

Answer options

• A. nmap
• B. arp
• C. tcpdump
• D. dig

Correct answer: C

Explanation

The correct answer is C, tcpdump, as it captures and analyzes network packets, allowing the administrator to observe the TCP handshake process. The other options do not provide the necessary packet capture capabilities: A (nmap) is for network scanning, B (arp) is for resolving IP addresses to MAC addresses, and D (dig) is for DNS queries.