nerdexam
(ISC)2

CISSP · Question #220

The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it

The correct answer is C. looks like normal network activity.. DDoS attacks are particularly dangerous because the flood of traffic from multiple distributed sources mimics legitimate user behavior, making detection and mitigation difficult.

Submitted by jakub_pl· Mar 5, 2026Communication and Network Security

Question

The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it

Options

  • Aexploits weak authentication to penetrate networks.
  • Bcan be detected with signature analysis.
  • Clooks like normal network activity.
  • Dis commonly confused with viruses or worms.

How the community answered

(34 responses)
  • A
    3% (1)
  • B
    6% (2)
  • C
    91% (31)

Why each option

DDoS attacks are particularly dangerous because the flood of traffic from multiple distributed sources mimics legitimate user behavior, making detection and mitigation difficult.

Aexploits weak authentication to penetrate networks.

Exploiting weak authentication is characteristic of brute-force or credential-stuffing attacks, not DDoS attacks, which aim to exhaust resources rather than gain unauthorized access.

Bcan be detected with signature analysis.

DDoS traffic often evades traditional signature-based detection precisely because the packets themselves may be well-formed and lack unique malicious signatures, making signature analysis insufficient as a primary detection method.

Clooks like normal network activity.Correct

A primary characteristic of DDoS attacks is that the volumetric flood originates from thousands of distributed (often compromised) hosts, each sending individually small and seemingly legitimate requests. This distributed nature causes the aggregate attack traffic to blend in with normal network activity, making it extremely difficult to distinguish malicious packets from genuine user traffic without advanced behavioral analysis.

Dis commonly confused with viruses or worms.

Viruses and worms are self-replicating malware categories distinct from DDoS attacks; while botnets used in DDoS may be spread by malware, the attack mechanism itself is not commonly confused with viruses or worms.

Concept tested: Primary characteristics and detection challenges of DDoS attacks

Source: https://www.cisa.gov/sites/default/files/publications/understanding-and-responding-to-ddos-attacks_508c.pdf

Topics

#DDoS attack#denial of service#network attacks#traffic anomaly

Community Discussion

No community discussion yet for this question.

Full CISSP Practice