Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CertNexus ITS-110 Exam - Topic 1 Question 28 Discussion

An IoT security administrator wishes to mitigate the risk of falling victim to Distributed Denial of Service (DDoS) attacks. Which of the following mitigation strategies should the security administrator implement? (Choose two.)
B) Block all inbound packets originating from service ports
A) Block all inbound packets with an internal source IP address
C) Enable unused Transmission Control Protocol (TCP) service ports in order to create a honeypot
D) Block the use of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) through his perimeter firewall
E) Require the use of X.509 digital certificates for all incoming requests

CertNexus ITS-110 Exam - Topic 1 Question 28 Discussion

Actual exam question for CertNexus's ITS-110 exam
Question #: 28
Topic #: 1
[All ITS-110 Questions]

An IoT security administrator wishes to mitigate the risk of falling victim to Distributed Denial of Service (DDoS) attacks. Which of the following mitigation strategies should the security administrator implement? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: B

by Christiane at Mar 18, 2024, 05:06 PM

Limited Time Offer

25%

Off

Get Premium ITS-110 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Galen
6 months ago
Wait, are we really suggesting honeypots? That feels sketchy.
upvoted 0 times
...
Fredric
7 months ago
Isn't blocking all TCP/UDP a bit extreme?
upvoted 0 times
...
Lynelle
7 months ago
Definitely go for X.509 certificates, they add a solid layer of security.
upvoted 0 times
...
Kristofer
7 months ago
I disagree, enabling unused ports for honeypots sounds risky.
upvoted 0 times
...
Deeanna
7 months ago
Blocking inbound packets with internal IPs is a must!
upvoted 0 times
...
Mira
7 months ago
Requiring X.509 certificates sounds like a solid strategy, but I’m not sure if it directly addresses DDoS attacks.
upvoted 0 times
...
Vernice
8 months ago
I feel like enabling unused TCP ports for a honeypot is risky; it might attract more attacks instead of mitigating them.
upvoted 0 times
...
Derrick
8 months ago
I think blocking all inbound packets from service ports could help, but I’m not confident about the specifics.
upvoted 0 times
...
Kelvin
8 months ago
I remember we discussed blocking inbound packets with internal source IPs in class, but I'm not sure if that's the best option here.
upvoted 0 times
...
Earlean
8 months ago
Requiring digital certificates could add an extra layer of security, but might not be the primary focus for DDoS mitigation.
upvoted 0 times
...
Terrilyn
8 months ago
Enabling a honeypot could be an interesting approach, but I'm not sure if that's the most effective DDoS mitigation strategy here.
upvoted 0 times
...
Refugia
8 months ago
Hmm, blocking internal source IPs and service ports seem like good options to consider. I'll have to weigh the pros and cons of each.
upvoted 0 times
...
William
8 months ago
This looks like a tricky DDoS mitigation question. I'll need to think carefully about the best strategies to implement.
upvoted 0 times
...
Goldie
8 months ago
Blocking TCP and UDP traffic entirely seems a bit extreme. I'll need to find a more balanced solution.
upvoted 0 times
...
Luz
8 months ago
I've got this! The data summary button is clearly showing Hosts, Sourcetypes, and Sources, so those are the three I'll choose.
upvoted 0 times
...
India
8 months ago
I'm a bit confused on the differences between the Storage Space options. I'll need to review the details of each one to determine the best fit.
upvoted 0 times
...
Ashley
8 months ago
I think this is asking about the different stages of the website development process. I'm pretty confident I know the "five Ds" - Discover, Define, Design, Develop, and Deploy. So I'll carefully consider each option and try to identify which one matches the current stage of creating a site map.
upvoted 0 times
...
Rickie
8 months ago
This one seems pretty straightforward. I'm pretty sure the answer is D, the VETS-100 form.
upvoted 0 times
...
France
8 months ago
I'm a bit confused by this question. I'm not sure what kind of "repressive measure" would be taken after a fire. I'll have to read the options carefully.
upvoted 0 times
...
Dorothy
1 year ago
I'm just waiting for the option that says 'Pour maple syrup on your server and hope the DDoS bots get stuck.' That's the kind of outside-the-box thinking I'm looking for.
upvoted 0 times
Lili
11 months ago
B) Block all inbound packets originating from service ports
upvoted 0 times
...
Belen
1 year ago
A) Block all inbound packets with an internal source IP address
upvoted 0 times
...
...
Man
1 year ago
Requiring X.509 digital certificates for all incoming requests? Now we're talking! That's a solid way to authenticate legitimate traffic and weed out the DDoS nonsense.
upvoted 0 times
...
Yuriko
1 year ago
Blocking TCP and UDP through the firewall? Might as well just unplug the internet and call it a day. That's about as effective as trying to stop a fire with a garden hose.
upvoted 0 times
Elroy
12 months ago
User 3: We should focus on other mitigation strategies instead.
upvoted 0 times
...
Britt
12 months ago
User 2: Agreed, it's like trying to stop a fire with a garden hose.
upvoted 0 times
...
Andra
12 months ago
User 1: Blocking TCP and UDP through the firewall is not a good idea.
upvoted 0 times
...
...
Meghan
1 year ago
Enabling unused TCP service ports to create a honeypot? Sounds like a great way to get your server swarmed with bots. I'll pass on that one, thanks.
upvoted 0 times
Kirk
1 year ago
User 3: Blocking inbound packets with internal source IP addresses seems like a safer option.
upvoted 0 times
...
Ilene
1 year ago
User 2: Definitely, I wouldn't want to attract more attacks.
upvoted 0 times
...
Paz
1 year ago
User 1: I agree, creating a honeypot seems risky.
upvoted 0 times
...
...
Brynn
1 year ago
Blocking all inbound packets with an internal source IP address? That's like putting a padlock on your front door and leaving the back door wide open. Not a very effective DDoS mitigation strategy if you ask me.
upvoted 0 times
Graciela
1 year ago
B) Block all inbound packets originating from service ports
upvoted 0 times
...
Glory
1 year ago
A) Block all inbound packets with an internal source IP address
upvoted 0 times
...
...
Kayleigh
1 year ago
But we should also require the use of X.509 digital certificates for all incoming requests. That way we can verify the authenticity of the requests.
upvoted 0 times
...
Keshia
1 year ago
I agree with Marilynn. That would help prevent DDoS attacks.
upvoted 0 times
...
Marilynn
1 year ago
I think we should block all inbound packets with an internal source IP address.
upvoted 0 times
...

Save Cancel