NSE 8 – Network Security Expert (811) — Question 31

A customer wants to enable SYN flood mitigation in a FortiDDoS device. The FortiDDoS must reply with one SYN/ACK packet per SYN packet from a new source
IP address.
Which SYN flood mitigation mode must the customer use?

Answer options

• A. SYN retransmission
• B. SYN/ACK cookie
• C. SYN cookie
• D. ACK cookie

Correct answer: C

Explanation

The correct answer is C, SYN cookie, as it is specifically designed to handle SYN flood attacks by allowing the server to respond with a SYN/ACK packet only after validating the SYN packet. The other options, while related to SYN handling, do not provide the same level of protection against SYN flood attacks as SYN cookies do.