Certified Information Security Manager (CISM) — Question 1032

Which of the following is the BEST defense against distributed denial of service (DDoS) attacks?

Answer options

• A. Regular patching
• B. Multiple and redundant paths
• C. Intruder-detection lockout
• D. Well-configured routers and firewalls

Correct answer: B

Explanation

Option B is correct because having multiple and redundant paths can help distribute traffic and mitigate the impact of DDoS attacks. The other options, while important for security, do not specifically address the need for resilience against the overwhelming traffic characteristic of DDoS attacks.