nerdexam
(ISC)2

CISSP · Question #462

Which of the following in the BEST way to reduce the impact of an externally sourced flood attack?

The correct answer is D. Have the source service provider block the address. When dealing with externally sourced flood attacks (such as DDoS), the most effective mitigation is to block traffic upstream, before it reaches your network. Having the source ISP or upstream service provider block the malicious address prevents the flood traffic from ever consu

Submitted by andreas_gr· Mar 5, 2026Communication and Network Security

Question

Which of the following in the BEST way to reduce the impact of an externally sourced flood attack?

Options

  • AStock the source address at the firewall.
  • BHave this service provide block the source address.
  • CBlock all inbound traffic until the flood ends.
  • DHave the source service provider block the address

How the community answered

(50 responses)
  • A
    4% (2)
  • B
    10% (5)
  • C
    2% (1)
  • D
    84% (42)

Why each option

When dealing with externally sourced flood attacks (such as DDoS), the most effective mitigation is to block traffic upstream, before it reaches your network. Having the source ISP or upstream service provider block the malicious address prevents the flood traffic from ever consuming your bandwidth or resources.

AStock the source address at the firewall.

Blocking the source address at your own firewall still allows the flood traffic to traverse your upstream bandwidth and reach your network edge, meaning your connection and perimeter devices can still be saturated and overwhelmed.

BHave this service provide block the source address.

Having 'this service' block the source address is vague and technically insufficient - blocking at your own service level does not prevent inbound flood traffic from consuming upstream bandwidth and network resources before packets are dropped.

CBlock all inbound traffic until the flood ends.

Blocking all inbound traffic until the flood ends is an extreme measure that causes a self-inflicted denial of service, making your services completely unavailable to legitimate users and not just the attacker.

DHave the source service provider block the addressCorrect

Having the source service provider block the attacking address is the best approach because it stops malicious flood traffic upstream, before it ever reaches your network infrastructure or consumes your available bandwidth. This upstream blocking means your firewall, routers, and servers are not overwhelmed processing and dropping packets, which is the core problem with flood attacks. Mitigating at the source ISP level is a foundational principle of DDoS defense known as upstream or blackhole filtering.

Concept tested: Upstream DDoS mitigation via ISP-level blocking

Source: https://www.cisa.gov/sites/default/files/publications/understanding-and-responding-to-ddos-attacks_508c.pdf

Topics

#DDoS mitigation#flood attack#network security#upstream filtering

Community Discussion

No community discussion yet for this question.

Full CISSP Practice