Certified Threat Intelligence Analyst (CTIA) — Question 32
A threat analyst obtains intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this data, he obtains only the IP addresses of the source and destination but no contextual information. While processing this data, he obtains contextual information stating that the server received multiple connection requests from different geo-locations within a short time span and that, as a result, the server is stressed and its performance has gradually declined. He then analyzes the information based on past and present experience and identifies the attack experienced by the client organization.
Which of the following attacks is performed on the client organization?
Answer options
- A. DHCP attacks
- B. MAC spoofing attack
- C. Distributed Denial-of-Service (DDoS) attack
- D. Bandwidth attack
Correct answer: C
Explanation
The correct answer is C: the scenario describes multiple connection requests from various locations stressing the server, which is typical of a Distributed Denial-of-Service (DDoS) attack. Options A and B do not fit the scenario, as DHCP and MAC spoofing attacks involve different methods of compromising a network without necessarily overwhelming server capacity. Option D, a bandwidth attack, may involve saturation of bandwidth but is less specific than a DDoS attack, which directly relates to the described symptoms.