CompTIA Security+ (SY0-601) — Question 469

A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

Answer options

• A. Concurrent session usage
• B. Secure DNS cryptographic downgrade
• C. On-path resource consumption
• D. Reflected denial of service

Correct answer: D

Explanation

The situation describes a reflected denial of service (DoS) attack, where the server is being overwhelmed by traffic that is not a result of legitimate DNS queries. Options A, B, and C do not accurately capture the nature of the traffic flood or the limited DNS activity, making D the correct choice.