Certified Network Defender (CND) — Question 119
Which of the following filters is used to detect a SYN/FIN attack?
Answer options
- A. tcp.flags==0x002
- B. tcp.flags==0x004
- C. tcp.flags==0x003
- D. tcp.flags==0x001
Correct answer: C
Explanation
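The correct answer is C (tcp.flags==0x003) because a SYN/FIN attack is characterized by both the SYN and FIN flags being set in the same TCP segment. In the TCP flags field, FIN is 0x001 and SYN is 0x002, so the two together give 0x003. Each of the other options matches a single flag (0x002 is SYN only, 0x004 is RST only, 0x001 is FIN only), so none of them indicates this specific attack type.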