ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-901 All Questions

View all questions & answers for the 350-901 exam
Go to Exam

Exam 350-901 topic 1 question 224 discussion

Actual exam question from Cisco's 350-901
Question #: 224
Topic #: 1
[All 350-901 Questions]

A developer is deploying an application to automate the configuration and management of Cisco network switches and routers. The application must use REST
API interface to achieve programmability. The security team mandates that the network must be protected against DDoS attacks. What mitigates the attack without impacting genuine requests?

  • A. IP address filtering at the application layer
  • B. traffic routing on the network perimeter
  • C. API rate limiting at the application layer
  • D. firewall on the network perimeter
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by duracell at Jan. 5, 2022, 7:58 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
udo2020
Highly Voted 1 year, 10 months ago
I think the answer is C. In the official Study Guide p. 18: - Proactively prevent resource overload with rate-limiting mechanisms, which put a cap on how often someone can repeat an action within a certain timeframe. This can be applied to many processes: ... Network traffic: Protect servers and network devices from overload during a distributed denial-of-service (DDoS) attack.
upvoted 7 times
...
cj_kuo
Most Recent 9 months, 2 weeks ago
Selected Answer: C
The answer really depended on what type of person you are. As a network guy, mostly will select A or B. As a security guy, the selection should be D. But developer will choose C base on their thinking.
upvoted 3 times
...
Teringzooi
1 year, 2 months ago
Selected Answer: C
Correct answer: C
upvoted 1 times
...
designated
1 year, 3 months ago
Selected Answer: C
C is correct - Rate-limiting > Proactively prevent resource overload with rate-limiting mechanisms, which put a cap on how often someone can repeat an action within a certain timeframe. This can be applied to many processes: - REST API calls: Return an HTTP 429 “Too Many Requests” code to prevent API overuse and let the requestor know the system is busy at the moment. - Network traffic: Protect servers and network devices from overload during a distributed denial-of-service (DDoS) attack. - User interactions: Stop brute-force attacks (for example, do not allow more than three login attempts within 10 minutes). - Data protection: Do not allow frequent calls to extract data (aka web scraping).
upvoted 1 times
...
__al__
1 year, 8 months ago
Both C and D could work well. As long as the rate-limiting is set-up properly, genuine requests wouldn't be impacted.
upvoted 1 times
...
python_tamer
1 year, 10 months ago
Selected Answer: C
I think it's C. Although a FW does help protect against a DDoS attack, this is a DevNet exam not a security exam so I think rate-limiting is more appropriate.
upvoted 4 times
...
duracell
1 year, 11 months ago
D is correct.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel