Certified Ethical Hacker (CEH v13) — Question 138

A well-resourced attacker intends to launch a highly disruptive DDoS attack against a major online retailer. The attacker aims to exhaust all the network resources while keeping their identity concealed. Their method should be resistant to simple defensive measures such as IP-based blocking. Based on these objectives, which of the following attack strategies would be most effective?

Answer options

• A. The attacker should instigate a protocol-based SYN flood attack, consuming connection state tables on the retailer's servers
• B. The attacker should leverage a botnet to launch a Pulse Wave attack, sending high-volume traffic pulses at regular intervals
• C. The attacker should initiate a volumetric flood attack using a single compromised machine to overwhelm the retailer's network bandwidth
• D. The attacker should execute a simple ICMP flood attack from a single IP, exploiting the retailer's ICMP processing

Correct answer: B

Explanation

The correct answer is B because using a botnet for a Pulse Wave attack can effectively overwhelm the target with bursts of traffic while concealing the attacker's identity. Options A and D are less effective as they can be more easily mitigated by standard defenses, and option C relies on a single compromised machine, which limits the attack's scale and effectiveness.