Less Frequently Asked Questions

People often send me questions via the contact page. They aren’t frequently asked questions, so I’m not adding them to the FAQ page. However, I do my best to answer these and thought that they might be valuable to others so I’m going to start posting some of the answers here.

They’re organized in the following sections.

Technical Questions

  • I have a couple of questions about the firewall rules answer you gave.
  • I have a question, what is a better way to secure a password? Salting it, or encrypting it with a stronger algorithm ???
  • Security+ : GCGA | Chapter 8, question 16

I Failed – Any Advice?

  • Took my Security+ SY0-501 yesterday and I couldn’t pass
  • I failed the Security+ test for the second time
  • I am trying to figure out how to pass when I take the exam again
  • Trying pass SY0-501 Exam, 3rd try
  • Do you have any advice on how to cut down the amount of time that I’m spending on the questions?

Braindumps

  • Should I use xxx?
  • Are the practice test questions exactly like the real exam?

Am I Missing Something?

  • Do you provide something to unzip the files?
  • Does 30 days mean 30 days?

Technical Questions

I have a couple of questions about the firewall rules answer you gave.

Hi Darril

I’m working my way through your study guide using the Kindle version bought from Amazon.

I have a couple of questions about the firewall rules answer you gave:

1. Rules 1 and 2 are identical. Why do you list both?

2. Most firewalls would allow you to group http and https to a particular webserver so I would say that is 1 rule. Do you disagree?

3. I think any competent admin would not clutter his firewall rules up with rules 4 and 5. It makes a long rule list hard to read. I guess that’s basically what you wrote. I think you should also clearly state how many rules are actually needed. I would say 3. Do you disagree?


Here’s my response.

First and foremost, the book is designed to help people take and pass the Security+ exam. With that in mind, I’m presenting the material in such a way that readers can understand the concepts.

> 1. Rules 1 and 2 are identical. Why do you list both?

Without a page number or section title, I’m having to guess what you’re asking about.

I’m thinking that you are referring to Table 3.3 on page 168 in the “Firewall Rules Solution” section. Note that the first column indicates the requirements listed on page 158 (not a rule number). There are six requirements.

The first line identifies the rule you would use to meet requirement 1. The second and third lines identify the rules you would use to meet requirement 2.

Your email indicates you probably have more expertise with firewall rules than most people.

In contrast, imagine that Homer doesn’t have your level of experience. While studying, he really wants to know what rule(s) he would use to meet requirement 2, and he can see exactly what they are in Table 3.3.

> 2. Most firewalls would allow you to group http and https to a particular webserver so I would say that is 1 rule. Do you disagree?

Again, the goal of the book is to help you pass the test. For the test, it’s important that you know the ports. If a question asks you to block both HTTP and HTTPS but you answer with only 80 or 443, you will not answer it correctly.

> 3. I think any competent admin would not clutter his firewall rules up with rules 4 and 5.

I’m assuming you mean column 1 in Table 3.3 listing requirements (not rules). They are:

4. Block DNS zone transfer traffic from any source to any destination.

5. Block all DNS traffic from any source to any destination.

Table 3.3 shows the rules you’d create to meet these requirements. If a question asks you to create a rule based on a requirement, you won’t find an answer like B.

A. …

B. Any competent admin would not clutter his firewall rules up with these requirements

C. …

> I think you should also clearly state how many rules are actually needed. I would say 3. Do you disagree?

Yes. To meet the six requirements, you need six rules. Admittedly, one of the rules is repeated twice in Table 3.3 so the table has seven lines, but it is six rules.

Hope this helps.

I have a question, what is a better way to secure a password? Salting it, or encrypting it with a stronger algorithm ??

Hello Darril, I have a question, what is a better way to secure a password? Salting it, or encrypting it with a stronger algorithm ???


This question was difficult to answer on many levels so I responded with this:

What’s your context? What is prompting you to ask? What is the goal? What has your research indicated to you?

Which of these is the better color? Blue or green?


The answer was:

Thank you for your reply. I was talking to a friend who has been attending a boot camp and he mentioned this topic. We both had no idea and I am not sure that his boot camp was very helpful. I have done research and I am not sure which one would be a better choice.


I asked again:

Can you answer this question? Which of these is the better color? Blue or green?


And the response was:

Truthfully, I can’t. Now, I understand your point. It was just a weird topic and that is why we were confused.


I ultimately gave a fuller answer that included this text:

Which of these is the better color? Blue or green?

Yes, there simply isn’t a good answer. I asked my wife this, and she gave the perfect response “for what?”

That said, it’s always great when I can help someone understand a concept with a metaphor.

What’s the best color to use when painting the sky? Blue or green?

What’s the best color to use when painting grass? Blue or green?

These are much different questions and the answers are much easier to understand.

> I have a question, what is a better way to secure a password? Salting it, or encrypting it with a stronger algorithm ???

Does a hash encrypt? Yes, it’s one-way encryption.

Because of this, your original question doesn’t really make sense.

What algorithms use salts? Hashing algorithms.

So what hashing algorithms are you comparing against a stronger encryption algorithm?

Is it a bluer blue? Or a greener green?

What’s your goal? Where would you store the password? Typically a database.

How much space do you want to use to store each password within the database?

How much space does it take to store a salted SHA-2 database? (Hint, it’s always the same.)

Try it here:

A password of password is

5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

A password of IL34ILaisoeve24$#

edaf8a9e807e5128e831c350b2984121836ead50934b52d5b05e112bf668b759

How much space does it take to store a password encrypted with AES?

Try it here:

Enter a password of password. How big is the result?

Enter a password of IL34ILaisoeve24$#. How big is the result?

How much space does it take? (Hint, it’s not always the same.)

Is a larger database an acceptable side effect of using traditional encryption rather than hashing?

It depends. Do you want a bluer blue? Or do you want a greener green?
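To make the storage-size comparison concrete, here is an added Python example (not from the page or its author): it reproduces the page’s SHA-256 of “password”, shows that salted SHA-256 and PBKDF2 records are always the same size, and computes what AES-CBC with PKCS#7 padding needs to store for the same two passwords. The salt, the PBKDF2 choice and the stored 16-byte IV are assumptions of the example; the AES sizes come from the padding rule itself, not from an AES library call, so it runs with the standard library only.

```python
import hashlib
import os

# Sample passwords copied from the page; everything else here is constructed for the example.
PASSWORDS = [b"password", b"IL34ILaisoeve24$#"]

# SHA-256 of "password" as printed on the page, used as a sanity check.
PAGE_SHA256_OF_PASSWORD = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"

AES_BLOCK = 16   # AES always operates on 16-byte blocks
SALT_LEN = 16    # salt length chosen for this example


def sha256_hex(pw: bytes) -> str:
    """Plain SHA-256 as shown on the page: always 64 hex characters (32 bytes)."""
    return hashlib.sha256(pw).hexdigest()


def salted_sha256_record(pw: bytes, salt: bytes) -> bytes:
    """Record stored for a salted SHA-2 scheme: salt || SHA-256(salt || pw).
    The salt is stored in the clear so the hash can be recomputed at login."""
    return salt + hashlib.sha256(salt + pw).digest()


def pbkdf2_record(pw: bytes, salt: bytes, iterations: int = 100_000) -> bytes:
    """Same idea with a deliberately slow salted hash (PBKDF2-HMAC-SHA256).
    Slowing down each guess is the usual defence for stored passwords; the stored
    size is still fixed: salt + 32-byte derived key."""
    return salt + hashlib.pbkdf2_hmac("sha256", pw, salt, iterations, dklen=32)


def aes_cbc_stored_len(pw: bytes, with_iv: bool = True) -> int:
    """Bytes needed to store pw encrypted with AES-CBC and PKCS#7 padding.
    PKCS#7 always appends 1..16 bytes, so the ciphertext is the next multiple of
    16 strictly greater than len(pw); even a 16-byte input grows to 32 bytes.
    The IV must be kept next to the ciphertext to decrypt later. This applies
    the padding rule directly rather than calling an AES library."""
    padded = (len(pw) // AES_BLOCK + 1) * AES_BLOCK
    return padded + (AES_BLOCK if with_iv else 0)


def compare_storage(passwords=PASSWORDS, salt: bytes = None) -> dict:
    """Stored size in bytes, per scheme, for each password."""
    salt = salt or os.urandom(SALT_LEN)   # a real system uses a fresh random salt per user
    return {
        "salted_sha256": [len(salted_sha256_record(p, salt)) for p in passwords],
        "pbkdf2": [len(pbkdf2_record(p, salt)) for p in passwords],
        "aes_cbc": [aes_cbc_stored_len(p) for p in passwords],
    }


if __name__ == "__main__":
    for pw in PASSWORDS:
        print(pw.decode(), sha256_hex(pw))
    # The hash rows are identical for both passwords; the AES row is not, so a
    # column of reversible ciphertext also reveals each password's length bucket.
    print(compare_storage())
```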

Security+ : GCGA | Chapter 8, question 16

In Chapter 8 Practice Questions, question 16 asks what this packet capture log means:

16:12:50, src 10.80.1.5:3389, dst 192.168.1.100:8080, syn/ack

In the answer section, it’s written that it concerns an RDP connection attempt. My question: While an RDP server listens on port 3389, shouldn’t the source have initiated a communication on a random high port and the destination would have been 3389 without a proxy and 8080 with a proxy (in this situation, there seems to be a proxy involved)?


Here’s part of my response.

Think about a TCP three-way handshake (chapter 3, Figure 3.1).

1) Syn

2) Syn/Ack

3) Ack

Which packet (1, 2, 3) in the TCP three-way handshake is referenced in the question?

> shouldn’t the source have initiated a communication on a random high port and the destination would have been 3389

That makes sense. However, which packet (1,2,3) in the TCP three-way handshake is the communication initiated?

Hopefully, you can answer my questions and figure this out on your own. However, if you need a blunt answer, you can see it at the bottom of this page in the section titled “Blunt Answer on TCP Handshake query.”

I Failed – Any Advice?

I understand how devastating it can feel when you fail an exam. However, I also know the steps to turn this into a pass are often the same. Check out this advice that I’ve offered to others.

Update: Do this study self-assessment to evaluate your study habits.

Took my Security+ SY0-501 yesterday and I couldn't pass

Darril,

I took my Security+ SY0-501 yesterday and I couldn’t pass. I scored 687. It was kind of a disappointment. A few things I could say from this year’s experience –

1. Questions were way more difficult than the previous time, SY0-401 (I passed my SY0-401 on the very first attempt and scored 787 (not sure of the exact score)). Last time I used the same material – completed your book, all the questions from the question bank – meaning anything you offered for SY0-401.

2. This time also I studied the book, all assessment tests, all chapter questions. Only a few questions were straightforward. Otherwise most of the questions had big statements and were very, very confusing. Not a single performance-based question from the question bank. I studied well and prepared well and was very confident.

3. Interestingly I got one simulation from the previous version SY0-401 where you have 5-6 cable locks and you have 3 employee laptops, one server room and office. That’s the only question I could remember.

I am working for a software company as a Security/Log Analyst and have 6 years of experience in this field.

Sorry for the lengthy email. Considering the difficulty level I am not sure what to study next. I really your help and guidance. If I could remember something else regarding exam I will send an email.

Looking forward to your guidance.


Here’s my response.

Sorry to hear you didn’t pass.

> I really your help and guidance.

CompTIA has made the questions more complex. However, the “How to Pass” section on the Member Home page (the landing page after you log on) outlines steps that many people have used to pass the exam.

One thing in that section that I frequently repeat to people is the importance of taking the time to understand why the correct answers are correct, and why the incorrect answers are incorrect. This gives you the best chance of accurately interpreting the questions on the live exam and answering them correctly.

When people tell me that they dropped the exam after using the online materials, I typically see one of three things.

– They didn’t use all the materials.

– They didn’t get recommended scores of 90% on all the materials.

– They memorized the questions and answers.

Looking at your online quiz history, I see you spent three days going through the materials. Additionally, I see the following:

You didn’t get recommended scores of 90% on all the materials.

Here are two (of many) examples:

  • You took the Extras Quiz 2 quiz once scoring 60%.
  • You took the Chapter 2 Extras quiz twice scoring 0% both times.

You may have inadvertently memorized the questions and answers. Spending just three days going through these materials and going through them so quickly indicates you may have memorized the questions and answers. At the very least, some of your times indicate that you may not have taken the time to remind yourself why the correct answers were correct and why the incorrect answers were incorrect.

Here’s an example:

A) SY0-501 Understanding Cryptography and PKI Test Mode – 93.33%

Score 14 out of 15 question(s). Points: 14/15 on August 16 11:46 am

B) SY0-501 Pre-assessment Exam Part 1 Test Mode – 95%

Score 38 out of 40 question(s). Points: 38/40 on August 16 11:37 am

You ended quiz B at 11:37 and ended quiz A at 11:46. This indicates you spent about 36 seconds on each question. While that is enough time to answer questions that you have seen enough times to memorize the answers, it isn’t enough time for most people to remind themselves why the correct answer is correct and why the incorrect answers are incorrect.

> I really your help and guidance.

The best advice I can give is to go through the materials again but follow the steps in the “How to Pass” section. I particularly encourage you to slow down and remind yourself why the correct answers are correct, and why the incorrect answers are incorrect.

Many people have said this helped them eliminate obvious incorrect answers and discover the correct answer even though it wasn’t obvious at first.

Hope this helps.

Darril

I failed the Security+ test for the second time

Hi Darril, I am a little in shock today as I failed the Security+ test for the second time. The first failure seemed about right; I was not well prepared. However, this time I felt I was well prepared, getting 95+ on all tests, quizzes, power questions. And I did not memorize the test; I knew the reasons for the answers. I studied literally night and day. Today I felt I would crush the test. However, I got almost the same score as before. First time 709, this time 710. How is this possible? There were many things on the test I hadn’t seen. I’m not sure what to do now. I need this for my job. I obviously need to change my preparation.

Please, any advice you can give will be much appreciated.


Here’s most of my response.

> I am a little in shock today as I failed the Security+ test for the second time.

Sorry to hear the exam is giving you a hard time. It is a tough exam and has given other people problems.

> Please, any advice you can give will be much appreciated.

The “How to Pass” section on the Member Home page (the landing page when you log on) provides a formula for success that many people have reported worked for them. I encourage you to read it.

Step 3 states, in red, don’t take the same quiz twice in a day, and it explains why. In short, it encourages a healthy mind to memorize questions and answers. Worse, the higher practice test scores fool someone into thinking they fully understand the content.

Your quiz history shows you have repeatedly taken the same quizzes in the same day.

Step 5 emphasizes the importance of knowing not just the correct answer, but why the correct answer is correct and why the incorrect answers are incorrect. When doing practice test questions, it’s important to remind yourself why the correct answer is correct and why the incorrect answers are incorrect. This gives you the best chance of accurately interpreting the questions on the live exam and answering them correctly, no matter how CompTIA words them.

Here’s one example (labeled A-D for reference).

Security+ (SY0-501) Extras Quiz 1 Learn Mode

A) January 11, 2019 07:53 am. Score – 50%. 10 out of 20 question(s). Points : 10/20

B) January 11, 2019 08:06 am. Score – 95%. 19 out of 20 question(s). Points : 19/20

C) February 04, 2019 05:41 pm. Score – 65%. 13 out of 20 question(s). Points : 13/20

D) February 04, 2019 06:02 pm. Score – 95%. 19 out of 20 question(s). Points : 19/20

Taking the same quiz more than once in the same day (such as A and B, and C and D) tests whether you can remember the answer to a question you saw in the last half hour. It also encourages a healthy mind to remember questions and answers.

However, if you compare A and C, with scores of 50% and 65%, respectively, it gives you a more realistic reflection of your long term understanding of the content.

Take this a step further with the same quiz in test mode.

Security+ (SY0-501) Extras Quiz 1 Test Mode

A) February 05, 2019 02:04 am. Score – 100%. 20 out of 20 question(s). Points : 20/20

B) February 08, 2019 01:25 am. Score – 100%. 20 out of 20 question(s). Points : 20/20

C) February 08, 2019 01:25 am. Score – 30%. 6 out of 20 question(s). Points : 6/20

D) February 08, 2019 05:57 am. Score – 100%. 20 out of 20 question(s). Points : 20/20

Performance Based Questions Set 4

E) February 08, 2019 01:17 am. Score – 100%. 9 out of 9 question(s). Points : 25/25

The time difference between ending quiz E and ending quiz B is 8 minutes. This equates to about 24 seconds per question (8/20*60=24). This is enough time for someone to select the correct answer for questions that they’ve seen multiple times before. However, it isn’t enough time for most people to review all the answers and remind themselves why the correct answers are correct, why the incorrect answers are incorrect.

> Please, any advice you can give will be much appreciated.

What can you do with this information?

First, read the “How to Pass” section today, and every day before you start using any of the practice materials.

Second, go through all of the materials again, making sure you follow the advice in the “How to Pass” section. I would especially focus on steps 3, 4, and 5.

Hope this helps.

Darril

I am trying to figure out how to pass when I take the exam again

Darril. I failed yesterday. Not blaming you. But I am trying to figure out how to pass when I take the exam again.

I was too slow and I encountered question/scenarios and a few new performance tests that I had not see before anywhere.

One thing though, nothing here helps me prepare for the challenge of combining the performance-based questions with multiple choice in a timed test mode as far as I can see. I realized this too late, of course; I purposely did not look at the countdown clock. Now I’m trying to get over the blues about failing, train up and get over the hump.

Do you have any advice on speeding up your response/answer time without being clock paranoid?


Here’s my response.

You might like to check out these blog posts on the performance-based questions.

Skip Performance-based Questions

5 Performance-based Questions Tips

The only question I see you asking is this:

> Do you have any advice on speeding up your response/answer time without being clock paranoid?

The only thing that comes to mind is to be prepared.

How can you be prepared?

Check out the “How to Pass” section on the Member Home page (the landing page after you log on). It includes a formula that many people have reported helped them to pass the exam. Some relevant advice includes:

– Use all the materials (including all four extras quizzes).

– Consistently get scores higher than 90%.

– Don’t take the same quiz more than once a day (to avoid memorizing answers).

– Read the explanations.

– Remind yourself why the correct answers are correct and why the incorrect answers are incorrect.

Looking at your quiz history, I see that you took quizzes between December 12 and December 1 but didn’t use all the materials, didn’t consistently get scores higher than 90%, and often took the same quiz more than once in the same day. Taking the same quiz more than once in a day encourages most healthy minds to memorize questions and answers, which is not a recipe for success.

Hope this helps.

Darril

Trying pass SY0-501 Exam, 3rd try

Hey Darril

I don’t know if you reply to this email or not, I am just having so much trouble trying to pass the 501 exam. I’ve taken the course, I’ve studied dumps, I’ve bought your gcgapremium twice and I still cannot pass for the life of me. I have taken it 3 times and failed, and I just don’t know what I am doing wrong. I do well on your exams, the dumps etc but I am wondering if I am studying to the point of memorizing the answers and then when I get into the place to do the exam, the questions are completely different which confuses me. I am a system admin, not a security admin, so a lot of the questions I see I seem lost at. Any help would be appreciated, I need it to keep my job and I just don’t know what I am doing that is not right. I don’t really have anyone to study with so it’s mainly myself, but I don’t know if there is a blog or something I can join to get some support or help.

Thanks for taking the time to read this.


Here’s most of my response.

Sorry to hear that the Security+ exam is giving you trouble.

>I do well on your exams, the dumps etc but

>Any help would be appreciated, I need it to keep my job and I just don’t know what I am doing that is not right.

First, skip the brain dumps. They rarely have explanations and are riddled with errors. The result is that people memorize incorrect answers without understanding the underlying content. You might like to read this blog post: The 5 Dangers of Brain Dumps

Second, when people tell me that they’ve failed after using the materials on the site, I typically see one (or more) of the following issues:

– They didn’t use all the materials.

– They didn’t get recommended scores of 90% on all the materials.

– They memorized the questions and answers.

Looking at your scores, here’s what I see:

– You didn’t use all the materials.

As an example, I don’t see any scores for the extras quizzes or set 2 of the performance-based questions by you.

– You didn’t get recommended scores of 90% on all the materials. Out of all the quiz results, I see only one with a score over 90%.

The good news is that of the quizzes you took, you took most of them only once.

I encourage you to read the “How to Pass” section on the member home (the landing page after you log on). It includes a formula for success that many people have reported worked for them.

If you follow that advice I believe you can pass this exam too. The biggest challenge you may face is unlearning memorized answers you memorized from brain dumps that did not include explanations.

Good luck,

Darril

Do you have any advice on how to cut down the amount of time that I'm spending on the questions?

Thank you.

I have learned a lot from your website, but still can’t pass the Sec+ exam. I’d like to ask if you have any advice or can assist me on something when taking the exam. I tend to clam up when in the testing center, and a huge part of that comes from the questions on the exam. I take the advice to skip all PB questions that I don’t know the answer to immediately, and go on to the multiple choice questions. My problem is that the questions are so long, and take me at least a minute to read, and another 1-2 minutes to understand the question. Before I know it, I have 10 minutes left to finish the exam, and I have about 20 questions left plus the PB questions that I skipped. In my scenario above, it may be a little off on the times; some of the questions may take longer to read and understand.

Do you have any advice on how to cut down the amount of time that I’m spending on the questions?


Here’s my response.

Sorry to hear that the exam is giving you trouble.

> Do you have any advice on how to cut down the amount of time that I’m spending on the questions?

I assume you mean the amount of time you spend on the questions on the live exam.

If so, my advice is to spend more time on study materials before the exam.

One thing I frequently repeat related to practice test questions is the importance of knowing why the correct answer is correct and why the incorrect answers are incorrect. This gives you the best chance of accurately interpreting the questions on the live exam no matter how CompTIA words the questions.

The explanations give you this information, and a study guide such as the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide digs into the concepts deeper to help you fully understand the topics.

Practice. Practice. Practice.

When people tell me that they failed the exam after using the online materials, I typically see one of the following three issues.

  • They didn’t use all the materials.
  • They didn’t get recommended scores of 90% on all the materials.
  • They memorized the questions and answers.

Looking at your scores, here’s what I see.

You didn’t use all the materials. As an example, I don’t see any scores for any of the Extras quiz sets or the performance-based question sets. We have over 65 multiple choice questions added after the study guide was created and four sets of performance-based questions that include over 35 more questions.

Did you ultimately score higher than 90% on all the quizzes?

Your quiz history shows multiple quizzes with scores less than 90%.

Did you remind yourself why the correct answers were correct and why the incorrect answers were incorrect, or did you zip through the quizzes because you had memorized the questions and answers?

Only you know for sure.

However, here’s one example that indicates you may have inadvertently memorized questions and answers. I’ve numbered them 1 and 2 for reference.

1) September 12, 2018 01:52 am. Score – 73.33%. 11 out of 15 question(s). Points : 11/15

2) September 12, 2018 01:58 am. Score – 80%. 12 out of 15 question(s). Points : 12/15

You finished quiz 2 about 6 minutes after finishing quiz 1.

6 / 15 = .4 minutes

.4 * 60 = 24 seconds per question

24 seconds per question is enough time to answer a question that you’ve just seen. However, for most people, it is not enough time to remind yourself why the correct answers are correct and why the incorrect answers are incorrect.

I encourage you to check out the “How to Pass” section on the Member Home page (the landing page after you log on).

Last, I remember someone telling me that CompTIA granted him extra time after he asked, though I can’t remember the details. I believe he had a diagnosed medical condition and mentioned that in his request, though I don’t remember if he needed to provide some type of proof.

Hope this helps.

Darril

Braindumps

Should I use xxx?

I recently received this question from someone using material on this site.

I’m taking the exam on the 22nd of November. I’m passing your exams but I still need to put in more study so I can pass the test without any worries. I will renew and I have a question for you. Is xxx* worth the purchase to use along with your program? I love your program but there are those in the peanut gallery stating I need to buy pass4sure.

* The name of a known braindump source was replaced with xxx.

Here’s part of my answer.

Xxx has been known to be a braindump source. You might like to check out this blog post.

CompTIA states that you can lose your certification if you use braindumps and be banned from taking a CompTIA exam for 12 months.

You can query CompTIA to see if they consider it a braindump today: .

Even if you don’t get caught, braindumps cause other problems. They typically don’t have explanations for all the content and are known to have incorrect answers. People that use them memorize the questions and answers and fail, often without knowing why.

This LFAQ page includes a question from someone that failed the exam 5 times after memorizing content. “I Failed – Any Advice?”

Additionally, people that memorize questions and answers stumble during job interviews. They don’t get hired (and again often don’t know why).

Your choice though.

Here’s an important point that I didn’t mention to this gentleman. There is absolutely nothing wrong with using other study materials and I won’t say anything negative about legitimate study materials. Different study materials can help you look at topics from the perspective of another author. In many cases, this can help you clarify a concept. It is very common for someone to use more than one study source to pass any certification.

However, braindumps are not legitimate study materials.

Are the practice test questions exactly like the real exam?

Question: Are the practice test questions exactly like the real exam?

Answer: No. That would be cheating.

Our intention is to provide quality practice test questions and other study materials that help you pass the exam. Gratefully, we hear from people almost every day telling us that they passed the exam using CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide and/or study materials on this site.

Practice test questions that are exactly like the real exam are often called braindumps. You might like to take a look at this post:

And this LFAQ:

Am I Missing Something?

These emails didn’t arrive on April 1st, but when I first read them, I wondered if I was being pranked.

Do you provide something to unzip the files?

Hi Darril,

I downloaded the audio files to my computer. I do not have software to unzip the files. I get a pop up that asks me to purchase WinZip software. Do you provide something to unzip the files? When the files are unzipped how do I load them to my iPhone? Thanks


Then a little while later…


Darril,

I am set. I have purchased your book, your practice app for my phone and now your audio tapes so I can be productive throughout the weekend while working outside and driving in my car. How do I open the zip file on my iPhone 6 and on my computer? When I try to place it on my computer I get a notice stating they want me to pay for something to open the zip file. I also need to get it on my iPhone. Thanks


Here’s part of my reply.


I received your two emails.

> Do you provide something to unzip the files?

There are multiple options and at first I thought that you were pranking me by indicating you didn’t know how to open a zip file. If this is new to you, you may find that you need to study much harder to pass the Security+ exam than someone with prerequisite knowledge and experience.

At any rate, I don’t know what operating system you use. Try this.

1. Open a web browser.

2. Go to Google.com

3. Type in “How can I unzip files” or “How can I unzip files for free” or “How can I unzip files on Windows” or “How can I unzip files on Linux”

You’ll see that there are many choices to help you.

> When the files are unzipped how do I load them to my iphone?

Once you unzip the files, try this.

1. Open a web browser.

2. Go to Google.com

3. Type in “how can I transfer mp3 files to my iphone” or “how can I transfer mp3 files to my iphone 6”

You’ll see that there are many choices to help you.

Hope this helps.

Darril

Does 30 days mean 30 days?

Hi, I am looking at purchasing this study package for the labs etc., but is it valid for a specific length of time? As I am liking to take the security exam, I am worried that if it’s subscription only I won’t have enough time. Please let me know.


Here’s part of my response:

Yes, as described on these pages depending on what package you want:

Pass the Security+ (SY0-501) Exam the First Time You Take It

SY0-501 Full Security+ Course

Renewals are available at a reduced price.


Then a little while later…


Ok so I am looking at getting the security + study package (basic package) at a cost of $34.99. It says on your website includes 30 day online access. So I understand this package will be valid for 30 days?


Here’s part of my response:

I’m puzzled…

You’re asking if “30 day online access” means it will be “valid for 30 days”?

I’m not sure if you’re pranking me or not.

….

At any rate, the answer is Yes.


* Blunt answer. It’s better if you discover the answer on your own. However, here’s a more direct answer if you need it.

Blunt Answer on TCP Handshake query

Think about a TCP three-way handshake (chapter 3, Figure 3.1).

[Figure 3.1: TCP three-way handshake]

1) Syn

2) Syn/Ack

3) Ack

Which packet (1, 2, 3) in the TCP three-way handshake is referenced in the question?

The question included this line (emphasis added).

16:12:50, src 10.80.1.5:3389, dst 192.168.1.100:8080, syn/ack

The “syn/ack” indicates the question is referencing the second packet. In other words, it is the packet returning from the server.

> shouldn’t the source have initiated a communication on a random high port and the destination would have been 3389

That makes sense. However, which packet (1,2,3) in the TCP three-way handshake is the communication initiated?

The TCP three-way handshake is initiated in the first packet (syn).

However, the question is not referencing the first packet, it is referencing the second packet.
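The reasoning in the question-16 discussion above and in this blunt answer, worked as an added Python example (not from the page or the study guide): it parses the question’s capture line, maps the flags to the handshake step the page numbers 1, 2 and 3, and then picks the listener, which is the source of packet 2 but the destination of packets 1 and 3. The line format, the regular expression and the second, constructed SYN line are assumptions of the example.

```python
import re
from dataclasses import dataclass

# Log line quoted in the question (copied from the page).
PAGE_LOG_LINE = "16:12:50, src 10.80.1.5:3389, dst 192.168.1.100:8080, syn/ack"

# Constructed line for packet 1 of the same connection (not from the page).
CONSTRUCTED_SYN_LINE = "16:12:49, src 192.168.1.100:8080, dst 10.80.1.5:3389, syn"

# Format assumed from the single line the question shows; "\s*" after each comma
# also accepts the page's "8080,syn/ack" spelling with the space missing.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}),\s*"
    r"src\s+(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<src_port>\d{1,5}),\s*"
    r"dst\s+(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<dst_port>\d{1,5}),\s*"
    r"(?P<flags>[a-z/]+)\s*$",
    re.IGNORECASE,
)

# Three-way handshake as numbered on the page: 1) Syn 2) Syn/Ack 3) Ack
HANDSHAKE_STEP = {"syn": 1, "syn/ack": 2, "ack": 3}

# Well-known listener ports used to name the service (3389 is the one discussed).
KNOWN_SERVICES = {22: "SSH", 53: "DNS", 80: "HTTP", 443: "HTTPS", 3389: "RDP"}


@dataclass(frozen=True)
class Packet:
    time: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str


def parse_line(line: str) -> Packet:
    """Parse one line of the question's capture format."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised capture line: {line!r}")
    return Packet(
        time=m["time"],
        src_ip=m["src_ip"], src_port=int(m["src_port"]),
        dst_ip=m["dst_ip"], dst_port=int(m["dst_port"]),
        flags=m["flags"].lower(),
    )


def handshake_step(pkt: Packet) -> int:
    """Return 1, 2 or 3 for the handshake packet this line shows."""
    try:
        return HANDSHAKE_STEP[pkt.flags]
    except KeyError:
        raise ValueError(f"flags {pkt.flags!r} are not a handshake packet") from None


def server_endpoint(pkt: Packet) -> tuple:
    """The listener is the destination of packets 1 and 3 but the SOURCE of
    packet 2 (syn/ack), which is why the page's line shows 3389 on the src side."""
    if handshake_step(pkt) == 2:
        return pkt.src_ip, pkt.src_port
    return pkt.dst_ip, pkt.dst_port


def client_endpoint(pkt: Packet) -> tuple:
    """The other end of the connection; its port is whatever the client used."""
    if handshake_step(pkt) == 2:
        return pkt.dst_ip, pkt.dst_port
    return pkt.src_ip, pkt.src_port


def describe(line: str) -> dict:
    """Summarise a capture line the way the answer key reasons about it."""
    pkt = parse_line(line)
    step = handshake_step(pkt)
    srv_ip, srv_port = server_endpoint(pkt)
    cli_ip, cli_port = client_endpoint(pkt)
    return {
        "step": step,
        "direction": "server -> client" if step == 2 else "client -> server",
        "server": f"{srv_ip}:{srv_port}",
        "client": f"{cli_ip}:{cli_port}",
        "service": KNOWN_SERVICES.get(srv_port, "unknown"),
    }


if __name__ == "__main__":
    for line in (PAGE_LOG_LINE, CONSTRUCTED_SYN_LINE):
        print(line, "->", describe(line))
```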