Which of the following is the most effective initial step to mitigate a volumetric DDoS attack targeting a web service?
Think about stopping traffic before it reaches the server.
Rate limiting at the network edge helps block excessive traffic early, reducing the attack impact. WAFs help but are more effective for application-layer attacks. Increasing resources doesn't stop the attack, only delays failure. Caching reduces backend load but does not stop a network flood.
You need to design a system to protect a global web application from DDoS attacks. Which architectural component is essential to distribute and absorb large attack traffic?
Consider spreading traffic geographically to reduce attack impact.
A global CDN distributes traffic across many edge locations, absorbing and filtering attack traffic closer to the source. Centralized firewalls and single load balancers become bottlenecks. Database replicas help the backend but don't mitigate network floods.
Your service expects peak legitimate traffic of 10,000 requests per second (RPS). To handle potential DDoS attacks, you want to provision protection capacity to absorb 10x that traffic. What is the minimum network bandwidth capacity you should plan for, assuming each request averages 500 bytes?
Calculate total bytes per second for 100,000 RPS and convert to bits per second.
100,000 RPS * 500 bytes = 50,000,000 bytes/sec = 400,000,000 bits/sec = 400 Mbps. This capacity is enough to absorb 10x the peak legitimate traffic.
Which is the main tradeoff when relying on a third-party cloud DDoS protection service?
Think about privacy and control over data flow.
Using cloud DDoS protection means routing your traffic through the provider, which requires trusting them with your data and traffic patterns. Hardware specs and application scaling remain your responsibility. Application code changes are usually minimal or none.
Consider a DDoS protection pipeline with these components in order: Network Firewall → Traffic Analyzer → Rate Limiter → Load Balancer → Application Servers. During a large attack, which component is most likely to become the bottleneck and why?
Consider which step requires the most complex processing per packet.
The Traffic Analyzer often performs deep inspection and behavioral analysis, which is CPU intensive and can slow down traffic flow under heavy load. Firewalls are optimized for throughput, rate limiters use efficient data structures, and load balancers distribute load but rarely become bottlenecks first.