CISSP-ISSEP · Question #21
The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it
The correct answer is C. looks like normal network activity.. DDoS attacks are most dangerous precisely because the traffic looks like normal network activity - each participating bot sends what appear to be legitimate requests, making it hard to distinguish attack traffic from real users. This volumetric flooding disguises malicious intent
Question
The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it
Options
- Aexploits weak authentication to penetrate networks.
- Bcan be detected with signature analysis.
- Clooks like normal network activity.
- Dis commonly confused with viruses or worms.
How the community answered
(41 responses)- A2% (1)
- B5% (2)
- C93% (38)
Explanation
DDoS attacks are most dangerous precisely because the traffic looks like normal network activity - each participating bot sends what appear to be legitimate requests, making it hard to distinguish attack traffic from real users. This volumetric flooding disguises malicious intent as ordinary load, which is the defining challenge in detecting and mitigating DDoS.
Why the distractors are wrong:
- A - DDoS doesn't rely on exploiting weak authentication; it overwhelms availability through sheer traffic volume, not credential compromise.
- B - Because traffic mimics legitimate requests, signature-based detection often fails; DDoS is notoriously difficult to catch with simple signatures.
- D - DDoS is a network-layer availability attack, entirely distinct from viruses or worms, which are self-replicating malware; the two are rarely confused in practice.
Memory tip: Think of DDoS as a "flash mob" attack - thousands of people individually doing something normal (walking into a store), but collectively making it impossible to operate. The chaos looks like business as usual until the system collapses.
Topics
Community Discussion
No community discussion yet for this question.