Exam CISSP topic 1 question 464 discussion

D. The cloud service provider such as Azure or AWS can mitigate these attacks: https://www.stormit.cloud/blog/cloud-ddos-protection-how-to-mitigate-all-risks/

Going with C Reviewing service-level agreements (SLAs) with cloud service providers is also important, but it is not directly related to the goal of ensuring the future availability of their web and e-commerce sites in the face of DDoS attacks.

Unlikely C - Signature-based detection is more useful against malware or intrusion detection, not for handling volumetric DDoS attacks, which usually require behavioral or traffic pattern-based defenses.

C. While improving detection strategies is important, relying solely on signature-based techniques may not be effective against all DDoS attacks, especially sophisticated ones that can vary widely in form and signature. D. SLAs should include guarantees for uptime, support response times, and mitigation measures for DDoS attacks. If the current SLAs are insufficient, the organization might consider negotiating better terms or seeking additional protections such as DDoS mitigation services provided by the cloud service provider.

C will better help ensure avialability of the web app.

Here's why: SLAs define the services offered and the level of commitment from the cloud provider. In the context of DDoS attacks, the SLA should specify how the provider will handle such attacks and what level of uptime they guarantee during such events. Reviewing the SLA can help identify any gaps in protection. For example, the SLA might not cover certain types of DDoS attacks or might have limitations on how much mitigation they offer. Based on the review, the organization can negotiate with the cloud provider to improve their DDoS protection mechanisms or potentially explore alternative providers with more robust DDoS mitigation capabilities.

Answer C: Review current detection strategies and employ signature-based techniques. https://ieeexplore.ieee.org/abstract/document/9511420 https://www.researchgate.net/profile/Mohammed-Alenezi-5/publication/352312016_Methodologies_for_detecting_DoSDDoS_attacks_against_network_servers/links/60c31c9ba6fdcc2e6131a793/Methodologies-for-detecting-DoS-DDoS-attacks-against-network-servers.pdf If the cloud provider was a CDN to prevent DDOS attacks, they wouldn't have "experienced multiple distributed denial-of-service (DDoS) attacks" so reviewing the SLA wont address the problem.

C. Review current detection strategies and employ signature-based techniques Reviewing detection strategies and employing signature-based techniques is a more direct and effective measure to address DDoS attacks and enhance the availability of web and e-commerce sites. Signature-based techniques can help identify known attack patterns and allow for a more proactive response.

D is the answer: Reviewing SLAs will allow assessing and potentially strengthening the uptime and response commitments from cloud providers. SLAs can stipulate availability metrics, response times, mitigation capabilities, and penalties for the provider. This helps contractually ensure and incentivize availability of the hosted services during a DDoS attack. Signature-based detection by itself has limited ability to mitigate DDoS attacks: -DDoS attacks rely on flooding infrastructure with high volumes of traffic from distributed sources. -This doesn't necessarily rely on known attack signatures. -Signatures focus on detecting specific known malicious payloads or behavior patterns. -DDoS can use varying protocols and payload patterns. -The high volume and distributed nature of DDoS makes signature analysis technically challenging to keep up with traffic speed and volume.

C is correct