Which tool is used to perform layer-7 DDoS attacks on web infrastructure?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which tool is used to perform layer-7 DDoS attacks on web infrastructure?

Explanation:
Layer-7 DDoS attacks target the web application itself by tying up the server’s ability to handle legitimate requests, often by exhausting the number of concurrent connections or worker threads the server can manage. Slowloris is a classic tool designed for this purpose: it opens many connections to the target web server and sends incomplete HTTP requests, then periodically sends additional header data to keep those connections alive. Because each half-open connection consumes server resources, the server eventually runs out of available connections and can no longer serve real users, causing an outage or severe slowdown even with modest bandwidth. Other options describe broader or different kinds of attacks. A multi-vector DDoS is a broader strategy that combines several techniques rather than a single application-layer tool. DRDoS relies on reflection/amplification to overwhelm the target, typically at network or transport layers rather than directly at the application layer. Permanent DoS targets hardware or firmware to degrade or destroy functionality, not specifically web application resources. Slowloris directly exploits the application layer to degrade web infrastructure, which is why it’s the best fit for this scenario.

Layer-7 DDoS attacks target the web application itself by tying up the server’s ability to handle legitimate requests, often by exhausting the number of concurrent connections or worker threads the server can manage. Slowloris is a classic tool designed for this purpose: it opens many connections to the target web server and sends incomplete HTTP requests, then periodically sends additional header data to keep those connections alive. Because each half-open connection consumes server resources, the server eventually runs out of available connections and can no longer serve real users, causing an outage or severe slowdown even with modest bandwidth.

Other options describe broader or different kinds of attacks. A multi-vector DDoS is a broader strategy that combines several techniques rather than a single application-layer tool. DRDoS relies on reflection/amplification to overwhelm the target, typically at network or transport layers rather than directly at the application layer. Permanent DoS targets hardware or firmware to degrade or destroy functionality, not specifically web application resources. Slowloris directly exploits the application layer to degrade web infrastructure, which is why it’s the best fit for this scenario.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy