312-50V12 Question #187: Real Exam Question with Answer & Explanation

Question

A well-resourced attacker intends to launch a highly disruptive DDoS attack against a major online retailer. The attacker aims to exhaust all the network resources while keeping their identity concealed. Their method should be resistant to simple defensive measures such as IP-based blocking. Based on these objectives, which of the following attack strategies would be most effective?

Options

• AThe attacker should instigate a protocol-based SYN flood attack, consuming connection state
• BThe attacker should leverage a botnet to launch a Pulse Wave attack, sending high-volume traffic
• CThe attacker should initiate a volumetric flood attack using a single compromised machine to
• DThe attacker should execute a simple ICMP flood attack from a single IP, exploiting the retailer's

Explanation

A botnet-driven Pulse Wave attack is the most effective strategy for a highly disruptive, concealed DDoS attack because it leverages distributed sources to evade IP-based blocking while overwhelming network resources with high-volume traffic.

Common mistakes.

• A. A SYN flood attack from a single instigator is vulnerable to IP-based blocking and may not exhaust all network resources as effectively as a distributed volumetric attack.
• C. A volumetric flood attack using a single compromised machine is easily mitigated by simple IP-based blocking and fails to provide the required attacker concealment.
• D. A simple ICMP flood attack from a single IP is easily blocked and lacks the distributed nature and potential for widespread disruption sought by the attacker.

Concept tested. DDoS attack strategies (Volumetric, Botnet, Evasion)

Reference. https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-attack-vector-types

No community discussion yet for this question.