SY0-501 Question #523: Real Exam Question with Answer & Explanation

Question

A bank is experiencing a DoS attack against an application designed to handle 500IP-based sessions. in addition, the perimeter router can only handle 1Gbps of traffic. Which of the following should be implemented to prevent a DoS attacks in the future?

Options

• ADeploy multiple web servers and implement a load balancer
• BIncrease the capacity of the perimeter router to 10 Gbps
• CInstall a firewall at the network to prevent all attacks
• DUse redundancy across all network devices and services

Explanation

To prevent future DoS attacks against both an application and network infrastructure, implementing redundancy across all network devices and services is the most effective comprehensive solution.

Common mistakes.

• A. While deploying multiple web servers with a load balancer improves application scalability and distributes legitimate requests, it doesn't comprehensively address network-level DoS attacks that could still overwhelm the single perimeter router or other network infrastructure components.
• B. Increasing the perimeter router's capacity only scales one component vertically and does not provide redundancy or address other potential bottlenecks or application-layer attacks within the network.
• C. A firewall is a crucial security device for filtering traffic, but it cannot prevent "all attacks," especially complex DoS attacks designed to bypass standard filtering or overwhelm the firewall itself.

Concept tested. DoS Attack Resilience through Redundancy

Reference. https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices

No community discussion yet for this question.