Which of the following are effective protective or countermeasures against a distributed denial-of-service attack?
a = Redundant network layout;
b = Secret fully qualified domain names (FQDNs);
c = Reserved bandwidth;
d = Traffic filtering;
e = Network Address Translation (NAT).
A.
b and e
B.
b, d, and e
C.
a and c
D.
a, c, and d
Explanation:
D: Countermeasures to a denial-of-service attack include, but are not limited to: multiple layers of firewalls, careful filtering on firewalls, routers and switches, internal network access controls (NAC), redundant (diverse) network connections, load balancing, reserved bandwidth (quality of service, which would at least protect systems not directly targeted), and blocking traffic from an attacker on upstream router.
Page 745.
Countermeasures to a denial-of-service attack include, but are not limited to: multiple layers of firewalls, careful filtering on firewalls, routers and switches, internal network access controls (NAC), redundant (diverse) network connections, load balancing, reserved bandwidth (quality of service, which would at least protect systems not directly targeted), and blocking traffic from an attacker on upstream router.
對策拒絕服務攻擊包括,但不限於:防火牆的多個層上的防火牆,路由器和交換機小心過濾,內部網絡訪問控制(NAC),冗餘(多樣)的網絡連接,負載平衡,保留帶寬從上游路由器上的攻擊者,並且阻塞交通(服務,這至少會保護系統沒有直接針對性的質量)。
0
0