CISSP · Question #462
Which of the following in the BEST way to reduce the impact of an externally sourced flood attack?
The correct answer is D. Have the source service provider block the address. When dealing with externally sourced flood attacks (such as DDoS), the most effective mitigation is to block traffic upstream, before it reaches your network. Having the source ISP or upstream service provider block the malicious address prevents the flood traffic from ever consu
Question
Options
- AStock the source address at the firewall.
- BHave this service provide block the source address.
- CBlock all inbound traffic until the flood ends.
- DHave the source service provider block the address
How the community answered
(50 responses)- A4% (2)
- B10% (5)
- C2% (1)
- D84% (42)
Why each option
When dealing with externally sourced flood attacks (such as DDoS), the most effective mitigation is to block traffic upstream, before it reaches your network. Having the source ISP or upstream service provider block the malicious address prevents the flood traffic from ever consuming your bandwidth or resources.
Blocking the source address at your own firewall still allows the flood traffic to traverse your upstream bandwidth and reach your network edge, meaning your connection and perimeter devices can still be saturated and overwhelmed.
Having 'this service' block the source address is vague and technically insufficient - blocking at your own service level does not prevent inbound flood traffic from consuming upstream bandwidth and network resources before packets are dropped.
Blocking all inbound traffic until the flood ends is an extreme measure that causes a self-inflicted denial of service, making your services completely unavailable to legitimate users and not just the attacker.
Having the source service provider block the attacking address is the best approach because it stops malicious flood traffic upstream, before it ever reaches your network infrastructure or consumes your available bandwidth. This upstream blocking means your firewall, routers, and servers are not overwhelmed processing and dropping packets, which is the core problem with flood attacks. Mitigating at the source ISP level is a foundational principle of DDoS defense known as upstream or blackhole filtering.
Concept tested: Upstream DDoS mitigation via ISP-level blocking
Source: https://www.cisa.gov/sites/default/files/publications/understanding-and-responding-to-ddos-attacks_508c.pdf
Topics
Community Discussion
No community discussion yet for this question.