Information Technology Specialist (ITS) Cybersecurity Practice Exam

Which attack type overwhelms a server with more GET requests than it can handle?

• A. HTTP flooding
• B. UDP flood
• C. DNS amplification
• D. SYN flood

The correct answer is: HTTP flooding

The attack type that overwhelms a server with more GET requests than it can handle is known as HTTP flooding. This type of attack specifically targets web servers by sending a massive number of HTTP requests in a short period of time. The goal is to exhaust the server's resources, such as bandwidth, memory, and processing power, thereby making the server slow down or become completely unresponsive to legitimate traffic. In the context of HTTP flooding, attackers may use tools or scripts to automate the process of sending these requests, which can be done from a single source or by utilizing a botnet to distribute the requests across numerous devices. Since the web server is unable to effectively manage the overwhelming volume of incoming requests, legitimate users may find it difficult or impossible to access the web service being targeted. Other attack types work differently; for example, UDP floods send a high volume of User Datagram Protocol packets to overwhelm the target without directly involving HTTP requests. DNS amplification leverages the DNS server's response to amplify the attack traffic, while SYN floods target the TCP handshake process to consume resources without necessarily overwhelming the server with HTTP requests. Each of these methods has distinct characteristics and targets different aspects of network communication, but HTTP flooding specifically relates to the overloading of a web server with