CompTIA CySA+ (CS0-003) — Question 80

A security team is concerned about recent Layer 4 DDoS attacks against the company website. Which of the following controls would best mitigate the attacks?

Answer options

• A. Block the attacks using firewall rules
• B. Deploy an IPS in the perimeter network
• C. Roll out a CDN
• D. Implement a load balancer

Correct answer: C

Explanation

Implementing a CDN (Content Delivery Network) is effective against Layer 4 DDoS attacks as it can absorb and distribute the traffic across multiple servers, reducing the load on the main website. Firewall rules and IPS can help to some extent but may not be as effective against large-scale DDoS attacks as a CDN. A load balancer primarily manages traffic distribution but does not inherently protect against DDoS attacks.