Information Technology Specialist (ITS) Cybersecurity Practice Exam

What kind of attack is a denial of service (DoS)?

• A. An attack aimed to steal personal data
• B. An attack that denies legitimate users access to resources
• C. An attack meant to repurpose system resources
• D. An attack that targets physical devices only

The correct answer is: An attack that denies legitimate users access to resources

A denial of service (DoS) attack is characterized by its objective to deny legitimate users access to resources, such as network services, applications, or websites. During a DoS attack, the attacker typically floods the target with an overwhelming amount of traffic or sends malformed requests, which exhausts the resources of the system or network, making it unable to respond to legitimate requests from users. This results in disruption of service, and the legitimate users cannot access the desired resources. The essence of a DoS attack is to disrupt availability, making "denying access to resources" the core aspect of such attacks. By hindering user access to essential services or information, attackers can cause downtime, lead to financial loss, and damage an organization’s reputation. In the context of the other options, while stealing personal data describes a different type of attack focused on information theft, repurposing system resources typically relates to resource exhaustion for different purposes rather than denial of service. Targeting physical devices suggests a more specific hardware manipulation, which does not accurately encompass the broader scope of DoS attacks that primarily focus on network services and availability.