Certified Information Systems Security Professional (CISSP) — Question 135

What is the MOST effective way to mitigate distributed denial of service (DDoS) attacks?

Answer options

• A. Deploy a web application firewall (WAF).
• B. Block access to Transmission Control Protocol (TCP) ports under attack.
• C. Detect and block bad Internet Protocol (IP) subnets on the corporate firewall.
• D. Engage an upstream Internet service provider (ISP).

Correct answer: D

Explanation

Engaging an upstream Internet service provider (ISP) is the most effective strategy for mitigating DDoS attacks because they can absorb and filter out the malicious traffic before it reaches your network. The other options, while helpful, are not as comprehensive; a WAF and blocking TCP ports may not handle the scale of DDoS attacks, and blocking bad IP subnets alone does not prevent the attack from occurring.