nerdexam
EC-Council

312-50V13 · Question #486

You are a cybersecurlty consultant for a smart city project. The project involves deploying a vast network of loT devices for public utilities like traffic control, water supply, and power grid manage

The correct answer is A. Implement regular firmware updates for all loT devices.. Firmware Updates as the Primary DDoS Defense Regular firmware updates (Option A) are the primary recommendation because they patch known vulnerabilities that attackers exploit to compromise IoT devices and conscript them into botnets - the very mechanism used to launch DDoS attac

Submitted by kavita_s· Mar 6, 2026IoT Hacking

Question

You are a cybersecurlty consultant for a smart city project. The project involves deploying a vast network of loT devices for public utilities like traffic control, water supply, and power grid management The city administration is concerned about the possibility of a Distributed Denial of Service (DDoS) attack crippling these critical services. They have asked you for advice on how to prevent such an attack. What would be your primary recommendation?

Options

  • AImplement regular firmware updates for all loT devices.
  • BA Deploy network intrusion detection systems (IDS) across the loT network.
  • CEstablish strong, unique passwords for each loT device.
  • DImplement IP address whitelisting for all loT devices.

How the community answered

(46 responses)
  • A
    78% (36)
  • B
    4% (2)
  • C
    11% (5)
  • D
    7% (3)

Explanation

Firmware Updates as the Primary DDoS Defense

Regular firmware updates (Option A) are the primary recommendation because they patch known vulnerabilities that attackers exploit to compromise IoT devices and conscript them into botnets - the very mechanism used to launch DDoS attacks. By keeping firmware current, you eliminate the security weaknesses that allow hackers to take control of thousands of IoT devices simultaneously and weaponize them against your own infrastructure.

Why the distractors fall short:

  • Option B (IDS) detects attacks after they begin rather than preventing devices from being compromised in the first place - it's reactive, not preventive
  • Option C (Strong passwords) helps secure access but doesn't address software vulnerabilities that can be exploited regardless of password strength
  • Option D (IP whitelisting) limits communication partners but doesn't prevent already-compromised devices within the whitelist from participating in an attack

Memory Tip: Think of firmware updates as "vaccinating your devices" - just like vaccines prevent illness before it starts, firmware patches prevent exploitation before attackers can recruit your IoT devices into a DDoS botnet army. When you see DDoS + IoT, ask yourself: "What stops devices from being weaponized?" - the answer is always closing vulnerabilities at the source.

Topics

#IoT Security#DDoS Prevention#Firmware Updates#Vulnerability Management

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice