Refer to the exhibit. What does this packet capture indicate?
Correct. The pattern matches a TCP connect scan.
Why this answer
The packet capture shows multiple TCP SYN packets sent to a single host (10.10.10.10) targeting different ports (80, 443, 22, 21) with no subsequent ACK or RST responses. This pattern is characteristic of a port scan, specifically a SYN scan, where the attacker sends SYN packets to probe for open ports without completing the three-way handshake.
Exam trap
Cisco often tests the distinction between a SYN flood (volume-based attack on a single port) and a SYN scan (probing multiple ports). Candidates mistakenly associate any SYN traffic with a flood rather than recognizing the multi-port pattern as reconnaissance.
How to eliminate wrong answers
Option A is wrong because a SYN flood involves sending a high volume of SYN packets to a single port to exhaust server resources, not probing multiple ports. Option C is wrong because session hijacking requires an established TCP session with sequence number prediction, which is absent here. Option D is wrong because normal HTTP traffic would show completed three-way handshakes (SYN, SYN-ACK, ACK) and subsequent data transfer, not isolated SYN packets to multiple ports.
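The scan-versus-flood distinction above can be written as detection logic. The following is an added example, not part of the original question or exhibit: the packet tuples, the source addresses, the hosts 10.10.10.20 and 10.10.10.30, and both thresholds are constructed assumptions.

```python
from collections import defaultdict

# Assumed thresholds for this illustration; tune them for a real network.
MIN_SCAN_PORTS = 4    # distinct ports with unanswered SYNs -> scan
MIN_FLOOD_SYNS = 100  # unanswered SYNs to a single port -> flood

def classify_syn_traffic(packets):
    """Return {dst: verdict} from (src, sport, dst, dport, flags) tuples.

    flags is "S" (SYN), "SA" (SYN-ACK) or "A" (client ACK).
    """
    half_open = set()  # client 4-tuples that sent SYN but never the final ACK
    seen_dst = set()
    for src, sport, dst, dport, flags in packets:
        conn = (src, sport, dst, dport)
        if flags == "S":
            half_open.add(conn)
            seen_dst.add(dst)
        elif flags == "A":
            half_open.discard(conn)  # three-way handshake completed

    per_port = defaultdict(lambda: defaultdict(int))  # dst -> dport -> count
    for _src, _sport, dst, dport in half_open:
        per_port[dst][dport] += 1

    verdicts = {dst: "normal" for dst in seen_dst}
    for dst, ports in per_port.items():
        if len(ports) >= MIN_SCAN_PORTS:
            verdicts[dst] = "syn_scan"   # many ports probed, none completed
        elif max(ports.values()) >= MIN_FLOOD_SYNS:
            verdicts[dst] = "syn_flood"  # volume aimed at one port
    return verdicts

# Constructed sample traffic (documentation-range source addresses).
# SCAN mirrors the ports named in the explanation: 80, 443, 22, 21.
SCAN = [("192.0.2.50", 50000 + i, "10.10.10.10", p, "S")
        for i, p in enumerate([80, 443, 22, 21])]
FLOOD = [(f"198.51.100.{i % 250 + 1}", 40000 + i, "10.10.10.20", 80, "S")
         for i in range(150)]
NORMAL = [("192.0.2.60", 51000, "10.10.10.30", 80, "S"),
          ("10.10.10.30", 80, "192.0.2.60", 51000, "SA"),
          ("192.0.2.60", 51000, "10.10.10.30", 80, "A")]

if __name__ == "__main__":
    for name, pkts in (("scan", SCAN), ("flood", FLOOD), ("normal", NORMAL)):
        print(name, classify_syn_traffic(pkts))
```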