GIAC Certified Incident Handler (GCIH) — Question 166

A client wants a system so that they can monitor connection queues on network equipment for too many half-open connections, as well as look for bandwidth consumption from the same types of connections. What kind of attacks will this type of system defend against?

Answer options

• A. Smurf attacks
• B. Passive scans
• C. CPUHog attacks
• D. SYN Floods

Correct answer: C

Explanation

The correct answer is C, as a system designed to monitor half-open connections and bandwidth consumption is particularly effective against CPUHog attacks, which aim to consume server resources. Options A and D, Smurf and SYN Floods respectively, involve different attack vectors, focusing on flooding the network or server, while B, Passive scans, do not directly relate to connection management issues.