CompTIA Security+ (SY0-501) — Question 187
An attacker uses a network sniffer to capture the packets of a transaction that adds $20 to a gift card. The attacker then uses a function of the sniffer to push those packets back onto the network, adding another $20 to the gift card. This can be done many times.
Which of the following describes this type of attack?
Answer options
- A. Integer overflow attack
- B. Smurf attack
- C. Replay attack
- D. Buffer overflow attack
- E. Cross-site scripting attack
Correct answer: C
Explanation
The correct answer is C, Replay attack, because the attacker is capturing and re-sending legitimate packets to duplicate a transaction. The other options do not apply: an integer overflow attack involves exceeding the maximum value of a data type, a Smurf attack is a type of denial-of-service attack, a buffer overflow attack exploits memory allocation, and cross-site scripting involves injecting malicious scripts into web pages.