Eccouncil Exam 312-50 Topic 2 Question 94 Discussion

Actual exam question for Eccouncil's 312-50 exam
Question #: 94
Topic #: 2

A well-resourced attacker intends to launch a highly disruptive DDoS attack against a major online retailer. The attacker aims to exhaust all the network resources while keeping their identity concealed. Their method should be resistant to simple defensive measures such as IP-based blocking. Based on these objectives, which of the following attack strategies would be most effective?

Suggested Answer: A

A Pulse Wave attack is a type of DDoS attack that uses a botnet to send high-volume traffic pulses at regular intervals, typically lasting for a few minutes each. The attacker can adjust the frequency and duration of the pulses to maximize the impact and evade detection. A Pulse Wave attack can exhaust the network resources of the target, as well as the resources of any DDoS mitigation service that the target may use. A Pulse Wave attack can also conceal the attacker's identity, as the traffic originates from multiple sources that are part of the botnet. A Pulse Wave attack can bypass simple defensive measures, such as IP-based blocking, as the traffic can appear legitimate and vary in source IP addresses.

The other options are less effective or feasible for the attacker's objectives.

A protocol-based SYN flood attack is a type of DDoS attack that exploits the TCP handshake process by sending a large number of SYN requests to the target server, without completing the connection. This consumes the connection state tables on the server, preventing it from accepting new connections. However, a SYN flood attack can be easily detected and mitigated by using SYN cookies or firewalls. A SYN flood attack can also expose the attacker's identity, as the source IP addresses of the SYN requests can be traced back to the attacker.

An ICMP flood attack is a type of DDoS attack that sends a large number of ICMP packets, such as ping requests, to the target server, overwhelming its ICMP processing capacity. However, an ICMP flood attack from a single IP can be easily blocked by using IP-based filtering or disabling ICMP responses. An ICMP flood attack can also reveal the attacker's identity, as the source IP address of the ICMP packets can be identified.

A volumetric flood attack is a type of DDoS attack that sends a large amount of traffic to the target server, saturating its network bandwidth and preventing legitimate users from accessing it. However, a volumetric flood attack using a single compromised machine may not be sufficient to overwhelm the network bandwidth of a major online retailer, as the attacker's machine may have limited bandwidth itself. A volumetric flood attack can also be detected and mitigated by using traffic shaping or rate limiting techniques.

Reference:

Pulse Wave DDoS Attacks: What You Need to Know

DDoS Attack Prevention: 7 Effective Mitigation Strategies

DDoS Attack Types: Glossary of Terms

DDoS Attacks: What They Are and How to Protect Yourself

DDoS Attack Prevention: How to Protect Your Website
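
A defender-side illustration of the pulse pattern described in the explanation above, added here and not part of the original page: it finds bursts in a series of per-interval request counts and checks whether they recur at a regular interval. The function names, thresholds and the sample series are assumptions constructed for this example.

```python
from statistics import median

def find_bursts(rates, factor=5.0):
    """Return (start_index, length) for each run of intervals whose rate
    exceeds `factor` times the median rate of the whole window."""
    rates = list(rates)
    if not rates:
        return []
    threshold = factor * max(median(rates), 1)
    bursts, start = [], None
    for i, rate in enumerate(rates + [0]):  # trailing 0 closes an open burst
        if rate > threshold and start is None:
            start = i
        elif rate <= threshold and start is not None:
            bursts.append((start, i - start))
            start = None
    return bursts

def pulse_period(bursts, tolerance=0.2, min_bursts=3):
    """Return the mean start-to-start gap when the bursts recur regularly
    (every gap within `tolerance` of the mean), otherwise None."""
    if len(bursts) < min_bursts:
        return None
    gaps = [b[0] - a[0] for a, b in zip(bursts, bursts[1:])]
    mean_gap = sum(gaps) / len(gaps)
    if all(abs(g - mean_gap) <= tolerance * mean_gap for g in gaps):
        return mean_gap
    return None

# Constructed sample: requests per 10-second interval. Background is about
# 100 requests; a three-interval pulse starts every 12 intervals.
SAMPLE = [100, 96, 104, 99] * 12
for s in (5, 17, 29, 41):
    SAMPLE[s:s + 3] = [9000, 9500, 9100]

if __name__ == "__main__":
    bursts = find_bursts(SAMPLE)
    period = pulse_period(bursts)
    print("bursts:", bursts)
    if period is None:
        print("no regular pulse pattern")
    else:
        print(f"pulses recur every {period:.0f} intervals; "
              "keep mitigation engaged between bursts")
```

Because the median is used as the baseline, the check assumes the quiet periods make up more than half of the observation window.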


Contribute your Thoughts:

Murray
20 days ago
Option C, all the way! Botnet Pulse Wave is the perfect combo of high-volume and covert. Gotta stay one step ahead of those security teams, am I right?
upvoted 0 times
Kris
5 days ago
Definitely, Option C sounds like a solid plan. Pulse Wave attacks can be really effective.
upvoted 0 times
...
...
Carey
23 days ago
Ooh, Option B is a classic. ICMP flood, you say? Bet the retailer didn't see that one coming. Gotta love a good ol' exploit, right?
upvoted 0 times
Tommy
3 days ago
Elza: The retailer better have some strong defenses in place.
upvoted 0 times
...
Elza
4 days ago
User 2: Definitely, it's a sneaky way to overload the network.
upvoted 0 times
...
Karl
13 days ago
Yeah, ICMP flood attacks can be pretty effective.
upvoted 0 times
...
...
Kimberlie
29 days ago
Haha, Option D is just lazy. Using a single machine? That's not very disruptive, is it? I'd go for the botnet Pulse Wave, keep 'em on their toes!
upvoted 0 times
...
Sueann
30 days ago
I think Option A is the most effective. A good old-fashioned SYN flood will tie up those servers and leave the retailer scrambling. Keeps the attacker's identity hidden too.
upvoted 0 times
...
Dominga
1 month ago
Why do you think option D is better?
upvoted 0 times
...
Sunny
2 months ago
I disagree, I believe option D is the best choice.
upvoted 0 times
...
Dominga
2 months ago
I think option C would be the most effective.
upvoted 0 times
...
Dexter
2 months ago
Option C is definitely the way to go. A botnet-based Pulse Wave attack is designed to evade simple defenses like IP blocking. Gotta keep that identity on the down-low, you know?
upvoted 0 times
Kattie
1 month ago
I agree, using a botnet for a Pulse Wave attack is a smart move.
upvoted 0 times
...
Von
1 month ago
Yeah, it's a good way to overwhelm the network resources while staying hidden.
upvoted 0 times
...
...
