GIAC

GCIH · Question #30

GCIH Question #30: Real Exam Question with Answer & Explanation

The correct answer is A: SPI. Stateful Packet Inspection (SPI) is the most effective defense against DoS attacks because it tracks connection states and can identify and drop flood or malformed traffic that does not match a valid session.

Incident Response & Cyber Kill Chain

Question

DoS attacks. Which of the following is most useful against DoS attacks?

Options

  • A. SPI
  • B. Distributive firewall
  • C. Honey Pot
  • D. Internet bot

Explanation

Stateful Packet Inspection (SPI) is the most effective defense against DoS attacks because it tracks connection states and can identify and drop flood or malformed traffic that does not match a valid session.

Common mistakes.

  • B. A distributive firewall improves security coverage across a network but does not inherently provide the connection-state tracking mechanism needed to specifically counter DoS flood traffic.
  • C. A honeypot is a decoy system used to lure and study attackers, not a tool that actively blocks or mitigates DoS traffic directed at production systems.
  • D. An internet bot is an automated software agent and is not a defensive security technology used to counter DoS attacks.

Concept tested. Stateful Packet Inspection as a DoS countermeasure

Reference. https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-stateful-firewall.html

Topics

#SPI firewall #DoS protection #stateful packet inspection
