312-50V12 Question #244: Real Exam Question with Answer & Explanation
The correct answer is D: f=490: The server can handle 490 SYN packets per second. With 's' exceeding 'f' by 10, the ...
Question
Your network infrastructure is under a SYN flood attack. The attacker has crafted an automated botnet to simultaneously send 's' SYN packets per second to the server. You have put measures in place to manage 'f' SYN packets per second, and the system is designed to deal with this number without any performance issues. If 's' exceeds 'f', the network infrastructure begins to show signs of overload. The system's response time increases exponentially (2^k), where 'k' represents each additional SYN packet above the 'f' limit. Now, considering 's=500' and different 'f' values, in which scenario is the server most likely to experience overload and significantly increased response times?
Options
- A. f=510: The server can handle 510 SYN packets per second, which is greater than what the
- B. f=495: The server can handle 495 SYN packets per second. The response time drastically rises
- C. f=505: The server can handle 505 SYN packets per second. In this case, the response time
- D. f=490: The server can handle 490 SYN packets per second. With 's' exceeding 'f' by 10, the
Explanation
This question tests understanding of SYN flood attack overload thresholds by calculating which scenario produces the greatest excess of attack traffic over the system's handling capacity, resulting in the most severe exponential response time degradation.
Common mistakes.
- A. When f=510, the server capacity exceeds the attack rate (510 > 500), so s does not exceed f and no overload condition is triggered at all.
- B. When f=495, the server is overloaded by only 5 packets per second (500 - 495 = 5), resulting in a response time multiplier of 2^5 = 32x, which is significantly less severe than the 2^10 = 1024x multiplier in scenario D.
- C. When f=505, the server capacity exceeds the attack rate (505 > 500), so s does not exceed f and no overload condition occurs, similar to scenario A.
Concept tested. SYN flood attack impact and exponential overload threshold analysis
Reference. https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview