101 · Question #310
Select the key reasons F5 is able to handle DNS DDoS attacks so effectively? Select two.
The correct answer is C. F5 can answer the DNS queries directly. E. F5 can ensure a customer never faces a DNS DDoS attack.. F5 BIG-IP DNS handles DNS DDoS attacks effectively by answering DNS queries directly from the BIG-IP device and by ensuring continuous DNS availability so customers do not experience service disruption during an attack.
Question
Select the key reasons F5 is able to handle DNS DDoS attacks so effectively? Select two.
Options
- AF5 can ensure a DNS DDoS attack is not successful.
- BF5 has high performance DNS services.
- CF5 can answer the DNS queries directly.
- DWith Global Traffic Manager (GTM), F5 completely stops all DNS DDoS attacks.
- EF5 can ensure a customer never faces a DNS DDoS attack.
How the community answered
(32 responses)- A6% (2)
- B3% (1)
- C88% (28)
- D3% (1)
Why each option
F5 BIG-IP DNS handles DNS DDoS attacks effectively by answering DNS queries directly from the BIG-IP device and by ensuring continuous DNS availability so customers do not experience service disruption during an attack.
Guaranteeing that a DDoS attack will never succeed is an overstatement; F5 provides mitigation and resilience mechanisms but cannot promise absolute prevention of every attack.
High-performance DNS processing is an enabling characteristic of F5 hardware and software, but it is not itself the key mechanism - the ability to answer queries directly is what makes that performance meaningful during an attack.
BIG-IP DNS (formerly GTM) can act as an authoritative DNS resolver using DNS Express, loading zone data locally and answering queries directly from the BIG-IP device without forwarding requests to backend DNS servers, absorbing large attack volumes before they reach protected infrastructure.
Claiming GTM completely stops all DNS DDoS attacks is an absolute and inaccurate statement; GTM provides powerful mitigation capabilities but cannot guarantee 100% prevention of every possible attack scenario.
F5's combination of direct query answering, high-throughput DNS processing, and intelligent rate limiting ensures DNS service remains continuously available during volumetric DDoS attacks, so customers effectively never face a DNS outage as a result of such attacks.
Concept tested: F5 BIG-IP DNS DDoS mitigation via direct query answering
Source: https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-dns-implementations.html
Topics
Community Discussion
No community discussion yet for this question.