CompTIA A+ Core 1 Exam: Guide to Computing Infrastructure (MindTap Course List)
10th Edition
ISBN: 9780357108376
Author: Jean Andrews, Joy Dark, Jill West
Publisher: Jean Andrews, Joy Dark, Jill West
Chapter 8: Network Infrastructure And Troubleshooting
Section: Chapter Questions
Problem 8TC
Question

Consider the following three possible events that may be highlighted on SOC dashboards:
a) A significant and unusual increase in the number of ARP responses on an internal network link.
b) A significant and unusual increase in the number of TCP half-open connections from different IP addresses on the organisation’s web server.
c) A significant and unusual increase in the number of failed logins to intranet services, but no associated increase in the number of user accounts that have been automatically locked.
Based on the above events, complete the following tasks:
i. Identify a security attack that may cause the above symptoms and describe how it works.
ii. Explain why the above symptoms would be observed for your identified attack.
