Certified Ethical Hacker (CEH v12) — Question 224

You are a cybersecurity consultant for a smart city project. The project involves deploying a vast network of IoT devices for public utilities like traffic control, water supply, and power grid management. The city administration is concerned about the possibility of a Distributed Denial of Service (DDoS) attack crippling these critical services. They have asked you for advice on how to prevent such an attack. What would be your primary recommendation?

Answer options

• A. Implement regular firmware updates for all IoT devices.
• B. Establish strong, unique passwords for each IoT device.
• C. Deploy network intrusion detection systems (IDS) across the IoT network.
• D. Implement IP address whitelisting for all IoT devices.

Correct answer: D

Explanation

The correct answer is D, as IP address whitelisting restricts access to only known, trusted IP addresses, which can significantly reduce the risk of DDoS attacks. While regular firmware updates and strong passwords (options A and B) are important for general security, they do not directly prevent DDoS attacks. Deploying IDS (option C) is useful for monitoring threats but does not inherently stop a DDoS attack from occurring.