nerdexam
F5

101 · Question #310

Select the key reasons F5 is able to handle DNS DDoS attacks so effectively? Select two.

The correct answer is C. F5 can answer the DNS queries directly. E. F5 can ensure a customer never faces a DNS DDoS attack.. F5 BIG-IP DNS handles DNS DDoS attacks effectively by answering DNS queries directly from the BIG-IP device and by ensuring continuous DNS availability so customers do not experience service disruption during an attack.

Section 4: Security Basics

Question

Select the key reasons F5 is able to handle DNS DDoS attacks so effectively? Select two.

Options

  • AF5 can ensure a DNS DDoS attack is not successful.
  • BF5 has high performance DNS services.
  • CF5 can answer the DNS queries directly.
  • DWith Global Traffic Manager (GTM), F5 completely stops all DNS DDoS attacks.
  • EF5 can ensure a customer never faces a DNS DDoS attack.

How the community answered

(32 responses)
  • A
    6% (2)
  • B
    3% (1)
  • C
    88% (28)
  • D
    3% (1)

Why each option

F5 BIG-IP DNS handles DNS DDoS attacks effectively by answering DNS queries directly from the BIG-IP device and by ensuring continuous DNS availability so customers do not experience service disruption during an attack.

AF5 can ensure a DNS DDoS attack is not successful.

Guaranteeing that a DDoS attack will never succeed is an overstatement; F5 provides mitigation and resilience mechanisms but cannot promise absolute prevention of every attack.

BF5 has high performance DNS services.

High-performance DNS processing is an enabling characteristic of F5 hardware and software, but it is not itself the key mechanism - the ability to answer queries directly is what makes that performance meaningful during an attack.

CF5 can answer the DNS queries directly.Correct

BIG-IP DNS (formerly GTM) can act as an authoritative DNS resolver using DNS Express, loading zone data locally and answering queries directly from the BIG-IP device without forwarding requests to backend DNS servers, absorbing large attack volumes before they reach protected infrastructure.

DWith Global Traffic Manager (GTM), F5 completely stops all DNS DDoS attacks.

Claiming GTM completely stops all DNS DDoS attacks is an absolute and inaccurate statement; GTM provides powerful mitigation capabilities but cannot guarantee 100% prevention of every possible attack scenario.

EF5 can ensure a customer never faces a DNS DDoS attack.Correct

F5's combination of direct query answering, high-throughput DNS processing, and intelligent rate limiting ensures DNS service remains continuously available during volumetric DDoS attacks, so customers effectively never face a DNS outage as a result of such attacks.

Concept tested: F5 BIG-IP DNS DDoS mitigation via direct query answering

Source: https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-dns-implementations.html

Topics

#DNS DDoS#GTM#DDoS mitigation#DNS performance

Community Discussion

No community discussion yet for this question.

Full 101 Practice