Q: 10
Refer to the exhibit.
Which alert is identified from this packet capture?
Which alert is identified from this packet capture?Options
Discussion
C tbh, those repeated PASS commands scream brute-force attack.
C. not B. ARP poisoning is a common trap here, but the PASS commands signal brute-force for sure.
B , I get why everyone says C for the brute-force since there are PASS commands, but with ARP in the options and a packet capture, ARP poisoning sometimes looks similar at first glance if you spot weird address changes. Maybe a bit of a trap if you're not careful. Someone confirm if I'm off, but that's my pick here.
Saw this exact scenario in my exam last year, it's C
Its C. Saw a really similar scenario in my practice questions-multiple PASS commands in POP3 packets usually point to brute-force attempts, not ARP stuff. Little unsure since ARP poisoning is a classic distractor, but pretty sure about brute-force here. Somebody correct me if you read it differently.
B or maybe A. The presence of ARP in the options makes B tempting, especially in a packet capture context. Feels like a possible trap for those focused on higher layers. I think B makes more sense if you're watching for L2 issues.
C
Its C, brute-force attack. Seeing all those PASS commands in a row is classic brute-force behavior with POP3. Not really ARP or MITM from the info shown, at least as I read packet captures like this. Pretty sure on C but let me know if I missed something.
C seen this a lot in practice dumps, brute-force is the alert flagged with those PASS attempts.
C not B. ARP poisoning looks tempting if you're focused on layer 2 stuff in the pcap, but all those PASS commands showing up points way more to brute-force. Seen similar exam questions, pattern matches C best here.
Be respectful. No spam.
