IBM Maximo Asset Management v7.6.1 Administrator — Question 5
An analyst noticed that from a particular subnet (203.0.113.0/24), all IP addresses are simultaneously trying to reach out to the company’s publicly hosted FTP server.
The analyst also noticed that this activity has resulted in a Type B Superflow on the Network Activity tab.
Under which category should the analyst report this issue to the security administrator?
Answer options
- A. Syn Flood
- B. Port Scan
- C. Network Scan
- D. DDoS
Correct answer: A
Explanation
The correct answer is A, Syn Flood, because the simultaneous connection attempts from a range of IP addresses indicate a flood of SYN packets aimed at overwhelming the FTP server. The other options, such as Port Scan and Network Scan, refer to different types of reconnaissance activities rather than a flood of SYN requests, and DDoS is too broad since it may involve multiple attack vectors.