101 Question #310: Real Exam Question with Answer & Explanation

Question

Options

• AF5 can ensure a DNS DDoS attack is not successful.
• BF5 has high performance DNS services.
• CF5 can answer the DNS queries directly.
• DWith Global Traffic Manager (GTM), F5 completely stops all DNS DDoS attacks.
• EF5 can ensure a customer never faces a DNS DDoS attack.

Explanation

F5 BIG-IP DNS handles DNS DDoS attacks effectively by answering DNS queries directly from the BIG-IP device and by ensuring continuous DNS availability so customers do not experience service disruption during an attack.

Common mistakes.

• A. Guaranteeing that a DDoS attack will never succeed is an overstatement; F5 provides mitigation and resilience mechanisms but cannot promise absolute prevention of every attack.
• B. High-performance DNS processing is an enabling characteristic of F5 hardware and software, but it is not itself the key mechanism - the ability to answer queries directly is what makes that performance meaningful during an attack.
• D. Claiming GTM completely stops all DNS DDoS attacks is an absolute and inaccurate statement; GTM provides powerful mitigation capabilities but cannot guarantee 100% prevention of every possible attack scenario.

Concept tested. F5 BIG-IP DNS DDoS mitigation via direct query answering

Reference. https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-dns-implementations.html

No community discussion yet for this question.