Which of the following are effective protective or countermeasures against a distributed denial-of-service attack?
a = Redundant network layout;
b = Secret fully qualified domain names (FQDNs);
c = Reserved bandwidth;
d = Traffic filtering;
e = Network Address Translation (NAT).
A.
b and e
B.
b, d, and e
C.
a and c
D.
a, c, and d
Explanation:
D: Countermeasures to a denial-of-service attack include, but are not limited to: multiple layers of firewalls, careful filtering on firewalls, routers and switches, internal network access controls (NAC), redundant (diverse) network connections, load balancing, reserved bandwidth (quality of service, which would at least protect systems not directly targeted), and blocking traffic from an attacker on upstream router.
Page 745.