Which of the following can be mitigated by installing a personal firewall on a laptop? (Select the best answer.)

A.
a SYN flood attack

B.
a crosssite scripting attack

C.
a portscanning attack

D.
a sessionhijacking attack

Explanation:
Installing a personal firewall on a laptop can mitigate a portscanning attack. In a portscanning attack, an
attacker uses a portscanning application to probe a computer to determine which ports are open and vulnerable
to an attack. After determining which ports are open, the attacker can attempt to access the computer through
an open port. With a personal firewall, you can protect a host from malicious traffic by permitting or denying
specific applications or network ports access to the host or its network interface. Typically, a personal firewall
provides sufficient granularity to specify the direction of a particular flow of traffic. For example, you couldpermit outbound web traffic but deny all inbound traffic that does not correspond to established outbound
connections.
Installing a personal firewall on a laptop would not mitigate a sessionhijacking attack. A sessionhijacking attack
requires that the attacker determine the Initial Sequence Number (ISN) for a new Transmission Control
Protocol (TCP) session. The ISN is used during the TCP threeway handshake to synchronize the states of the
sending and receiving hosts. If an attacker can guess the ISN or any subsequent sequence number for a
connection, the attacker can hijack the session. Typically, an attacker will disrupt the connection by forcing one
of the hosts to become unsynchronized and will then assume the identity of the unsynchronized host by
spoofing its IP address. Session hijacking relies on the attacker being able to determine the correct sequence
number for any given segment in a TCP session. Because some hosts use incremental ISNs and random
sequence numbers, an attacker can determine the ISN for a new connection on a vulnerable host by first
initiating a connection to the host and determining the current ISN.
Installing a personal firewall on a laptop would not mitigate a crosssite scripting (XSS) attack. An XSS attack
takes advantage of weaknesses within a web application to insert malicious code into input fields on a web
form. If the attack is successful, the attacker might be able to inject code into the webpage, which could allow
the attacker to perform a variety of malicious tasks, such as redirecting visitors to another website or harvesting
cookies from the victim’s computer. Serverside input validation can be used to mitigate XSS attacks performed
on web forms. However, other types of XSS attacks, such as a link in an email to lure victims to a webpage
containing malicious script, are not mitigated by input validation.
Installing a personal firewall on a laptop would not mitigate a SYN flood attack. A SYN flood attack sends a
large volume of SYN segments to a target host in an attempt to saturate the target’s TCP connection table. The
SYN flood attack exploits the TCP threeway handshake by sending TCP SYN segments from spoofed IP
addresses. When the target host replies to the spoofed IP addresses, the target’s packets are ignored because
the spoofed hosts do not have corresponding entries in their TCP connection tables. The target host will
continue to wait for responses from the spoofed hosts until the TCP handshake times out. With a sufficient
number of SYN requests, the target’s TCP connection table can become full. Once the TCP connection table is
full, the target host will be unable to accept new TCP connections.

CCNA Security 210260 Official Cert Guide, Chapter 19, Personal Firewalls and Host Intrusion Prevention
Systems, pp. 498-499