Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



What technique did Kevin use to prevent DDoS incidents after an attack?

  1. Traffic pattern analysis

  2. Network segmentation

  3. Encryption methods

  4. Physical security enhancements

The correct answer is: Traffic pattern analysis

Traffic pattern analysis is an effective technique for detecting and mitigating Distributed Denial of Service (DDoS) attacks. By analyzing the traffic patterns on a network, an organization can identify unusual spikes or anomalies in traffic that may indicate an ongoing or impending DDoS attack. This technique involves monitoring the volume and nature of incoming requests to understand what constitutes normal traffic versus what may be an attack.

By implementing traffic pattern analysis, Kevin could use historical data to establish baselines and thresholds. If traffic suddenly exceeds these baselines, alerts can be triggered, allowing for faster incident response. This proactive approach not only helps in identifying when a DDoS attack is occurring but also assists in understanding the source and type of traffic to develop an effective response.

Other techniques mentioned may serve specific purposes, but they do not directly address the detection and immediate response to DDoS incidents in the manner that traffic pattern analysis does. For instance, network segmentation can be valuable for containing the effects of an attack but does not inherently provide the same monitoring and detection abilities. Similarly, while encryption methods and physical security enhancements are important security practices, they are not directly relevant for combating DDoS incidents, which primarily involve traffic management.