312-50V13 · Question #537
312-50V13 Question #537: Real Exam Question with Answer & Explanation
The correct answer is C: The attacker should leverage a botnet to launch a Pulse Wave attack, sending high-volume traffic.
Question
A well-resourced attacker intends to launch a highly disruptive DDoS attack against a major online retailer. The attacker aims to exhaust all the network resources while keeping their identity concealed. Their method should be resistant to simple defensive measures such as IP-based blocking. Based on these objectives, which of the following attack strategies would be most effective?
Options
- A. The attacker should instigate a protocol-based SYN flood attack, consuming connection state
- B. The attacker should execute a simple ICMP flood attack from a single IP, exploiting the retailer's
- C. The attacker should leverage a botnet to launch a Pulse Wave attack, sending high-volume traffic
- D. The attacker should initiate a volumetric flood attack using a single compromised machine to
Explanation
Option C is correct because a Pulse Wave botnet attack satisfies all three attacker objectives simultaneously: botnets distribute traffic across thousands of IP addresses (concealing identity and defeating IP-based blocking), the pulsing pattern overwhelms resources in repeated waves that can bypass rate-limiting defenses, and the sheer volume from multiple sources exhausts network capacity at scale.
Why the distractors fail:
- Option A (SYN flood) targets connection state rather than full network exhaustion, and is easily mitigated by SYN cookies - it doesn't meet the "resistant to simple defenses" requirement
- Option B (ICMP flood from single IP) is immediately defeated by the simplest countermeasure mentioned - IP-based blocking - making it the worst strategic choice
- Option D (single compromised machine volumetric flood) similarly originates from one source, making it trivially blocked and incapable of generating sufficient traffic to overwhelm a major retailer's infrastructure
Memory Tip: Think "BPR" - Botnet + Pulse + Resistance. Whenever an exam question mentions all three of concealment, volume, and defense-resistance, a distributed botnet technique will almost always be the answer, since no single-source attack can satisfy all three criteria simultaneously.