CompTIA CASP+ (CAS-003) — Question 188

A network administrator is concerned about a particular server that is attacked occasionally from hosts on the Internet. The server is not critical; however, the attacks impact the rest of the network.
While the company's current ISP is cost effective, the ISP is slow to respond to reported issues. The administrator needs to be able to mitigate the effects of an attack immediately without opening a trouble ticket with the ISP. The ISP is willing to accept a very small network route advertised with a particular BGP community string. Which of the following is the BEST way for the administrator to mitigate the effects of these attacks?

Answer options

• A. Use the route protection offered by the ISP to accept only BGP routes from trusted hosts on the Internet, which will discard traffic from attacking hosts.
• B. Work with the ISP and subscribe to an IPS filter that can recognize the attack patterns of the attacking hosts, and block those hosts at the local IPS device.
• C. Advertise a /32 route to the ISP to initiate a remotely triggered black hole, which will discard traffic destined to the problem server at the upstream provider.
• D. Add a redundant connection to a second local ISP, so a redundant connection is available for use if the server is being attacked on one connection.

Correct answer: C

Explanation

The best solution is to advertise a /32 route to the ISP to trigger a remotely triggered black hole, which effectively discards all traffic destined for the attacked server. This approach allows for immediate mitigation without needing to wait for ISP intervention. The other options either do not provide immediate relief or involve additional complexities that delay the response to the attack.