Certified Ethical Hacker test | TrustEd Institute

15:00

Stop

CEH - Denial-of-Service - DoS/DDoS Concepts

Expert

1/15

You are a cybersecurity consultant hired to assess a financial institution's network defenses. During your assessment, you discover that the institution is vulnerable to amplification attacks due to misconfigured DNS servers that allow recursive queries from any source. The bank's infrastructure includes several high-bandwidth connections to multiple ISPs. What would be the most effective approach to protect against potential DNS amplification DDoS attacks?

Implement Response Rate Limiting (RRL) on DNS servers and configure them to refuse recursive queries from external sources

Establish a comprehensive traffic baseline during peak business hours and configure automatic traffic diversion when volume exceeds 150% of the baseline metrics for more than two consecutive minutes

Deploy multiple next-generation firewalls at network edges that can perform deep packet inspection on all incoming DNS traffic and drop packets with suspicious payload sizes

Set up a cloud-based DDoS protection service that utilizes traffic scrubbing centers to analyze and filter malicious traffic before it reaches the organization's network