Explore the most probable reason for a testing system outage based on server monitoring data. Analyze traffic patterns and identify potential network attacks in this CompTIA SY0-701 certification exam question.
Table of Contents
Question
A systems administrator notices that a testing system is down. While investigating, the systems administrator finds that the servers are online and accessible from any device on the server network. The administrator reviews the following information from the monitoring system:
| Server name | IP | Traffic sent | Traffic received | Status |
|---|---|---|---|---|
| File01 | 10.12.14.13 | 2654812 | 23185 | Up |
| DC01 | 10.12.15.2 | 168741 | 65481 | Up |
| Test01 | 10.25.1.3 | 14872 | 654123168 | Down |
| Test02 | 10.25.1.4 | 16941 | 651321685 | Down |
| DC02 | 10.12.15.3 | 32145 | 32158 | Up |
| Finance01 | 10.18.1.14 | 12374 | 6548 | Up |
Which of the following is the most likely cause of the outage?
A. Denial of service
B. ARP poisoning
C. Jamming
D. Kerberoasting
Answer
Based on the information provided, the most likely cause of the outage is:
A. Denial of service
Explanation
The server monitoring data shows that the Test01 and Test02 servers are down, while all other servers are up and functioning normally. Notably, the Test01 and Test02 servers have received an exceptionally high amount of traffic (654,123,168 and 651,321,685 respectively) compared to the other servers. This massive influx of traffic is indicative of a Denial of Service (DoS) attack targeting the testing systems.
In a DoS attack, the attacker floods the target system with an overwhelming amount of traffic or requests, exhausting its resources and rendering it unable to respond to legitimate requests. The extremely high “Traffic received” values for Test01 and Test02 strongly suggest that these servers are being bombarded with traffic, causing them to go down.
The other options are less likely:
- ARP poisoning involves manipulating the Address Resolution Protocol (ARP) to redirect traffic, but it would not cause such a significant increase in received traffic.
- Jamming is a type of DoS attack that targets wireless networks by interfering with radio frequencies, but the scenario does not mention a wireless network.
- Kerberoasting is an attack that targets Kerberos authentication, but it does not typically involve flooding servers with traffic.
Therefore, given the abnormally high incoming traffic on the affected servers, a Denial of Service attack is the most probable cause of the testing system outage.
CompTIA SY0-701 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the CompTIA SY0-701 exam and earn CompTIA SY0-701 certification.