Effective CISSP Questions

A web server is suffering from UDP flooding attacks. Which of the following is least likely to happen?
A. The source IP address of the ingress packets is spoofed.
B. The web server sends ICMP to inform the attacker the destination was unreachable.
C. The destination UDP port of the attack traffic doesn’t exist.
D. The firewall that protects the web server is free from UDP flooding attacks.

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. The firewall that protects the web server is free from UDP flooding attacks.

If the UDP flood has a volume high enough to saturate the state table of the targeted server’s firewall, any mitigation that occurs at the server level will be insufficient as the bottleneck will occur upstream from the targeted device.

Source: Cloudflare

Attacking nonexistent UDP ports consumes more of the victim's resources: the victim spends CPU cycles determining that nothing is listening on the port, and spends bandwidth on the responses.

If the specified destination UDP port doesn't exist on the server, the server may notify the source by replying with ICMP messages. It's also common for UDP flooding attackers to spoof the source IP address so that the victim's ICMP replies are not sent back to them.
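A defender-side check for the behaviour described above, as an added example that is not part of the original post: it parses constructed tcpdump-style lines and flags the pattern of many UDP datagrams to many ports with the server answering some of them with ICMP port-unreachable. The server address, the thresholds and the function names are assumptions chosen for illustration.

```python
import re

SERVER = "203.0.113.10"  # constructed address (documentation range), an assumption
UDP_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length (\d+)")
ICMP_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+) > \S+ ICMP \S+ udp port (\d+) unreachable")

def sample_capture():
    """Constructed capture: 200 datagrams to closed ports plus one ordinary DNS query."""
    lines = []
    for i in range(200):
        src, port = f"198.51.100.{i % 250 + 1}", 20000 + i
        lines.append(f"12:00:00.{i:06d} IP {src}.{40000 + i} > {SERVER}.{port}: UDP, length 512")
        if i % 10 == 0:  # in this sample the server's ICMP replies are rate limited
            lines.append(f"12:00:00.{i:06d} IP {SERVER} > {src}: ICMP {SERVER} udp port {port} unreachable, length 548")
    lines.append(f"12:00:01.000000 IP 192.0.2.5.5353 > {SERVER}.53: UDP, length 60")
    return lines

def summarize(lines, server=SERVER):
    """Count inbound UDP to the server and the ICMP port-unreachable replies it sends."""
    stats = {"udp_in": 0, "bytes_in": 0, "icmp_unreach_out": 0}
    sources, ports, closed = set(), set(), set()
    for line in lines:
        m = UDP_RE.search(line)
        if m and m.group(3) == server:
            stats["udp_in"] += 1
            stats["bytes_in"] += int(m.group(5))
            sources.add(m.group(1))  # may be spoofed: a count, not attribution
            ports.add(int(m.group(4)))
            continue
        m = ICMP_RE.search(line)
        if m and m.group(1) == server:
            stats["icmp_unreach_out"] += 1
            closed.add(int(m.group(2)))  # port confirmed closed by the server's own reply
    stats.update(sources=len(sources), dst_ports=len(ports), closed_ports=len(closed))
    return stats

def looks_like_udp_flood(stats, min_datagrams=100, min_ports=50):
    """Heuristic: high datagram count, wide port spread, and unreachable replies leaving."""
    return (stats["udp_in"] >= min_datagrams
            and stats["dst_ports"] >= min_ports
            and stats["icmp_unreach_out"] > 0)

if __name__ == "__main__":
    s = summarize(sample_capture())
    print(s, "flood" if looks_like_udp_flood(s) else "normal")
```

Because the source addresses can be spoofed, the distinct-source count is useful only as a volume signal and should not drive per-address blocking on its own.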





