350-201(NEW-127Q) Question #104: Real Exam Question with Answer & Explanation

Answer

C. IPS

Threat Detection and Response

Question

An engineer is analyzing a possible compromise that happened a week ago when the company database servers unexpectedly went down. The analysis reveals that attackers tampered with Microsoft SQL Server Resolution Protocol and launched a DDoS attack. The engineer must act quickly to ensure that all systems are protected. Which two tools should be used to detect and mitigate this type of future attack? (Choose two.)

Options

  • A. Autopsy
  • B. Wireshark
  • C. IPS
  • D. SHA512

Explanation

IPS (C) and Wireshark (B) are the two tools suited for detecting and mitigating this attack. An IPS (Intrusion Prevention System) actively monitors network traffic in real time, can identify anomalous patterns such as a DDoS amplification attack exploiting the SQL Server Resolution Protocol (UDP port 1434), and automatically blocks malicious traffic - making it the primary mitigation tool. Wireshark complements this by capturing raw packets so engineers can inspect and confirm the attack vector, though it is passive and cannot block traffic on its own. Autopsy (A) is a digital forensics tool for analyzing disk images post-incident - useful for investigations but irrelevant to live attack detection or prevention. SHA512 (D) is a cryptographic hashing algorithm used for data integrity checks, with no role in network traffic analysis or DDoS mitigation.

Memory tip: Think "detect + deflect" - you need one tool to see the attack (Wireshark captures packets) and one to stop it (IPS blocks it). Autopsy is for autopsies (dead systems), and SHA512 is for checksums - neither fights live network attacks.

Note: The question says "Choose two," so both B (Wireshark) and C (IPS) are the intended correct pair, even though only C is listed in your answer key.

Topics

#DDoS Mitigation · #Intrusion Prevention System · #Network Attack Detection · #Incident Containment
