(ISC)2 Certified in Cybersecurity Practice Exam

What type of attack might Ludwig observe that aims to disrupt availability?

• A. DDOS (distributed denial of service)
• B. Spoofing
• C. Exfiltrating stolen data
• D. An insider sabotaging the power supply

The correct answer is: DDOS (distributed denial of service)

The choice that Ludwig might observe as a type of attack aiming to disrupt availability is the distributed denial of service (DDoS) attack. DDoS attacks work by overwhelming a target's network, server, or application with an immense volume of traffic, thereby rendering the targeted service unavailable to legitimate users. The goal of a DDoS attack is specifically to disrupt the target's ability to operate normally, which falls directly under the category of availability threats in cybersecurity. By saturating the bandwidth or overwhelming system resources, DDoS attacks can effectively paralyze websites, networks, or services, leading to downtime and loss of access for individuals and organizations. This kind of disruption can be financially damaging, harm a company's reputation, and impact user trust. While other options could potentially affect availability in a broader sense, they do not serve as direct attack vectors specifically aimed at disrupting service availability like a DDoS attack does. Spoofing typically involves impersonating a user or device to gain unauthorized access but doesn't directly impact the service's availability. Exfiltrating stolen data involves data theft, affecting confidentiality instead of availability. An insider sabotaging the power supply could cause availability issues but is more of a physical security breach that might not be categorized as a cyber