Certified Ethical Hacker (CEH v13) — Question 230

You are a cybersecurity consultant for a smart city project. The project involves deploying a vast network of IoT devices for public utilities like traffic control, water supply, and power grid management. The city administration is concerned about the possibility of a Distributed Denial of Service (DDoS) attack crippling these critical services. They have asked you for advice on how to prevent such an attack. What would be your primary recommendation?

Answer options

• A. Implement regular firmware updates for all IoT devices.
• B. Establish strong, unique passwords for each IoT device.
• C. Deploy network intrusion detection systems (IDS) across the IoT network.
• D. Implement IP address whitelisting for all IoT devices.

Correct answer: D

Explanation

Implementing IP address whitelisting is the most effective way to prevent DDoS attacks, as it restricts access to only trusted IP addresses, thereby reducing the attack surface. While regular firmware updates, strong passwords, and IDS are important for overall security, they do not specifically address the immediate risk of DDoS attacks as effectively as whitelisting does.