350-201(NEW-127Q) Question #46: Real Exam Question with Answer & Explanation
Question
Options
- A. Conduct a comprehensive log analysis.
- B. Gather and preserve evidence for legal purposes.
- C. Isolate and disconnect affected servers.
- D. Implement rate limiting and traffic filtering rules.
Explanation
Implementing rate limiting and traffic filtering (D) is the correct first response because a DDoS attack works by overwhelming your server with traffic - stopping that flood at the network/firewall layer is the only action that immediately reduces harm to the affected system while it's still under attack.
Why the distractors are wrong:
- A (Log analysis) is valuable for understanding the attack, but analyzing logs while the server is being hammered doesn't stop the damage - it's a post-stabilization step.
- B (Preserve evidence) is a legal/forensic concern that comes after you've contained the threat; evidence collection during active attack is premature and delays mitigation.
- C (Isolate/disconnect servers) sounds decisive but is counterproductive for a web server - taking it offline means the attacker wins by achieving the same result as the DDoS itself (unavailability).
Memory tip: Think "stop the bleeding before the autopsy." In DDoS response, traffic filtering is your tourniquet - everything else (logging, evidence, analysis) happens once the flood is controlled. The order is: Filter → Analyze → Document.