Exam SY0-701 topic 1 question 138 discussion

A reflected denial of service (DoS) attack occurs when an attacker sends forged requests to a server, causing the server to respond to the spoofed IP address (the target) with a large volume of traffic. In the context of DNS, this often involves DNS amplification attacks, where small DNS queries result in large responses being sent to the target. This matches the described symptoms of minimal resource usage on the DNS server but a flood of inbound traffic. The best description of the observed situation, where the DNS server is overwhelmed by inbound traffic with minimal DNS queries, is that it is experiencing a reflected denial of service attack. Therefore, the correct answer is: D. Reflected denial of service

1. Unable to reach external websites, denial of service 2. Flooded with traffic 3. The traffic is not coming from with in via verifying with network logs DOS is best option based on those details

Minimal Resource Usage: The DNS server's CPU, disk, and memory usage are minimal, indicating that the server itself is not processing a large number of queries. However, the network interface is flooded with traffic, which is a key indicator of a reflected DoS attack. Flooded Network Interface: The flooding of the network interface with inbound traffic without a corresponding increase in actual DNS query processing suggests that the server is receiving unsolicited responses, characteristic of a reflected DoS attack. Why this is the best choice, because the symptoms match a reflected DoS, where the server is overwhelmed by traffic that it did not initiate, preventing legitimate users from accessing external websites due to the congestion

1. Unable to reach external websites, denial of service 2. Flooded with traffic 3. The traffic is not coming from with in via verifying with network logs DOS is best option based on those details