PrepAway - Latest Free Exam Questions & Answers

The administrator suspects that:

An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that:

PrepAway - Latest Free Exam Questions & Answers

A.
it is being caused by the presence of a rogue access point.

B.
it is the beginning of a DDoS attack.

C.
the IDS has been compromised.

D.
the internal DNS tables have been poisoned.

Explanation:
A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer.
One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate
traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload.
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web
servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is
overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are
that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the
behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense
mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able
to simply add more attack machines. This after all will end up completely crashing a website for periods of time.
Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and
time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack.
Incorrect Answers:
A: A rogue access point would not cause a spike in network traffic from many sources unless many computers had connected to the rogue access point and
started sending lots of traffic.
Therefore, this answer is incorrect.
C: The question states that an administrator notices an unusual spike in network traffic from many sources. You would typically notice this on a firewall or an IDS
system. It’s unlikely the IDS has been compromised. A DDoS attack is far more common. Therefore, this answer is incorrect.
D: DNS poisoning is the process of inserting incorrect information into DNS records. This may cause a slight increase in broadcast traffic on the network (as
computers try to locate each other) but it would not cause a serious spike in network traffic. Therefore, this answer is incorrect.

http://en.wikipedia.org/wiki/Denial-of-service_attack


Leave a Reply