CompTIA
CAS-003 · Question #544
CAS-003 Question #544: Real Exam Question with Answer & Explanation
The correct answer is B: Apply ingress filters at the routers. SYN floods from a small number of known source IP addresses are best handled at the network perimeter: an ingress filter (access control list) on the edge routers drops the flood before it consumes internal bandwidth and server connection state, while legitimate traffic keeps flowing.
Question
A cybersecurity analyst is hired to review the security posture of a company. The cybersecurity analyst notices very high network bandwidth consumption due to SYN floods from a small number of IP addresses. Which of the following would be the BEST action to take to support incident response?
Options
- A. Increase the company's bandwidth.
- B. Apply ingress filters at the routers.
- C. Install a packet capturing tool.
- D. Block all SYN packets.
Explanation
Ingress filters are access control lists applied to inbound traffic on the perimeter routers (the same mechanism RFC 2827 / BCP 38 describes for dropping spoofed sources). Because the flood originates from a small number of source addresses, the analyst can deny exactly those sources at the edge and permit everything else, so the SYN packets are discarded before they cross the internal links or fill the servers' half-open connection queues, while legitimate clients continue to connect. This contains the incident immediately, which is the containment step of the NIST SP 800-61 incident response lifecycle, and it preserves the ability to capture evidence afterwards. The caveat a practitioner should keep in mind: an address-based filter only works while the sources stay a small, fixed set. If the attacker rotates or spoofs source addresses, the response must move to rate limiting or SYN cookies on the targets, but that is not the situation the question describes.
Common mistakes.
- A. Increasing bandwidth does not stop the attack - it only delays resource exhaustion and provides no security value against the underlying flood.
- C. A packet capture tool is useful for forensic analysis and evidence collection but does not actively reduce or stop the incoming SYN flood traffic.
- D. Blocking all SYN packets would prevent every new legitimate TCP connection from being established, causing a complete self-inflicted denial of service for all users and services.
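As an added illustration of the containment step behind the correct answer, and of why it beats option D, the following script is example code written for this page (it is not part of the exam item or of the NIST reference). It takes a constructed set of flow records, identifies the few sources that are sending nothing but bare SYNs, emits a Cisco IOS ingress ACL that denies only those sources, and simulates the effect. The flow records, the thresholds, ACL number 110 and the interface name are all assumptions.

```python
from collections import Counter
from ipaddress import ip_address

# Constructed sample flow records (not real traffic), one tuple per flow:
# (src_ip, dst_ip, dst_port, tcp_flags, packets). Flags use tcpdump letters:
# "S" = SYN only, "PA" = PSH+ACK, "A" = ACK. A SYN flood shows up as a few
# sources sending huge numbers of bare SYNs and essentially nothing else.
SAMPLE_FLOWS = [
    ("203.0.113.10", "198.51.100.5", 443, "S", 120_000),
    ("203.0.113.11", "198.51.100.5", 443, "S", 95_000),
    ("203.0.113.12", "198.51.100.5", 80, "S", 87_500),
    ("192.0.2.40", "198.51.100.5", 443, "S", 12),   # normal client: handshake, then data
    ("192.0.2.40", "198.51.100.5", 443, "PA", 40),
    ("192.0.2.41", "198.51.100.5", 80, "S", 3),
    ("192.0.2.41", "198.51.100.5", 80, "A", 25),
]


def syn_counts_by_source(flows):
    """Return {src_ip: (bare_syn_packets, total_packets)} for every source."""
    syn, total = Counter(), Counter()
    for src, _dst, _port, flags, pkts in flows:
        total[src] += pkts
        if flags == "S":
            syn[src] += pkts
    return {src: (syn[src], total[src]) for src in total}


def flood_sources(flows, min_syns=10_000, min_syn_share=0.9):
    """Sources whose bare-SYN volume is high AND makes up almost all of their
    traffic. The share check keeps a busy but legitimate client (which also
    sends ACK/PSH packets) from being blocked. Thresholds are assumptions."""
    hits = [src for src, (s, t) in syn_counts_by_source(flows).items()
            if s >= min_syns and s / t >= min_syn_share]
    return sorted(hits, key=lambda ip: int(ip_address(ip)))


def ingress_acl(sources, acl_number=110, interface="GigabitEthernet0/0"):
    """Cisco IOS numbered extended ACL that denies the flood sources inbound and
    permits everything else (ACL number and interface name are assumptions).
    IOS evaluates ACL entries top-down and stops at the first match, so the
    deny lines must come before the final permit."""
    lines = [f"access-list {acl_number} remark drop SYN-flood sources (incident response)"]
    lines += [f"access-list {acl_number} deny tcp host {src} any" for src in sources]
    lines.append(f"access-list {acl_number} permit ip any any")
    lines += [f"interface {interface}", f" ip access-group {acl_number} in"]
    return lines


def apply_filter(flows, blocked):
    """Simulate the ACL at the edge: return (packets_dropped, packets_passed)."""
    dropped = passed = 0
    for src, _dst, _port, _flags, pkts in flows:
        if src in blocked:
            dropped += pkts
        else:
            passed += pkts
    return dropped, passed


if __name__ == "__main__":
    bad = flood_sources(SAMPLE_FLOWS)
    print("\n".join(ingress_acl(bad)))
    print("dropped / passed at the edge:", apply_filter(SAMPLE_FLOWS, set(bad)))
```

Running it prints the ACL and shows that all 302,500 flood packets are dropped at the perimeter while the 80 packets from the two legitimate clients still pass, which is the difference between a targeted ingress filter and option D. The address-based rule is only adequate while the sources remain a small fixed set; once they rotate or are spoofed, rate limiting or SYN cookies on the targets become the appropriate control.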
Concept tested. SYN flood DDoS mitigation using perimeter ingress filtering
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf