Certified Information Security Manager (CISM) — Question 936
Which of the following is a viable containment strategy for a distributed denial of service (DDoS) attack?
Answer options
- A. Block IP addresses used by the attacker.
- B. Disable firewall ports exploited by the attacker.
- C. Power off affected servers.
- D. Redirect the attacker's traffic.
Correct answer: D
Explanation
Redirecting the attacker's traffic can effectively mitigate the impact of a DDoS attack by sending it to a scrubbing service or a sinkhole. Blocking IP addresses or disabling firewall ports may not be effective if the attacker uses multiple or changing IPs. Powering off affected servers can disrupt legitimate services and is not a strategic response.