Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are both designed to disrupt
the availability of a network, service, or device by overwhelming it with traffic or requests. HPE
Aruba Networking documentation, particularly in the context of Wireless Intrusion Prevention (WIP)
and network security, often discusses these attacks to help administrators mitigate them.
DoS Attack: A DoS attack is launched from a single source (e.g., one device or IP address) and aims to
overwhelm a target (e.g., a server, network, or device) with traffic, making it unavailable to
legitimate users. For example, a DoS attack might flood a server with SYN packets to exhaust its
resources.
DDoS Attack: A DDoS attack is a more sophisticated version of a DoS attack, where the attack is
launched from multiple sources (e.g., a botnet of compromised devices). These sources work
together to overwhelm the target, making the attack harder to mitigate because the traffic comes
from many different IP addresses.
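The single-source versus multi-source distinction above, shown as an added example from a defender's view (not code from the HPE Aruba documentation or the WIP feature). The function names, thresholds, and traffic records are assumptions constructed for illustration, using documentation IP ranges.

```python
from collections import Counter, defaultdict

def make_sample():
    """Constructed one-second window of (src_ip, dst_ip, tcp_flags) records."""
    events = [("198.51.100.7", "203.0.113.10", "S")] * 900   # one loud source
    events += [(f"192.0.2.{i}", "203.0.113.20", "S")          # 200 quiet sources,
               for i in range(1, 201) for _ in range(5)]      # 5 SYNs each
    events += [(f"192.0.2.{i}", "203.0.113.30", "S")          # baseline traffic
               for i in range(1, 21)]
    return events

def syns_by_target(events):
    """Map each destination to a Counter of SYNs per source."""
    table = defaultdict(Counter)
    for src, dst, flags in events:
        if flags == "S":
            table[dst][src] += 1
    return table

def classify(events, flood_threshold=500, dominance=0.8):
    """Label each target 'normal', 'dos' (one dominant source) or 'ddos'.

    Both thresholds are assumed values for this example.
    """
    labels = {}
    for dst, sources in syns_by_target(events).items():
        total = sum(sources.values())
        if total < flood_threshold:
            labels[dst] = "normal"
            continue
        top_count = sources.most_common(1)[0][1]
        labels[dst] = "dos" if top_count / total >= dominance else "ddos"
    return labels

def after_per_source_limit(events, limit=50):
    """SYNs still reaching each target when every source is capped at `limit`."""
    return {dst: sum(min(n, limit) for n in sources.values())
            for dst, sources in syns_by_target(events).items()}

if __name__ == "__main__":
    sample = make_sample()
    print(classify(sample))
    print(after_per_source_limit(sample))
```

On this sample a per-source cap cuts the single-source flood from 900 SYNs to 50 but leaves the distributed flood at 1000, which is why traffic from many different IP addresses is harder to mitigate.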
Option A, "A DDoS attack originates from external devices, while a DoS attack originates from
internal devices," is incorrect. Both DoS and DDoS attacks can originate from external or internal
devices. The distinction is not about the location of the devices but the number of sources involved.
Option B, "A DoS attack targets one server; a DDoS attack targets all the clients that use a server," is
incorrect. Both DoS and DDoS attacks typically target a single entity (e.g., a server, network, or
device) to disrupt its availability. They do not target "all the clients that use a server."
Option C, "A DDoS attack targets multiple devices, while a DoS is designed to incapacitate only one
device," is incorrect. Both DoS and DDoS attacks usually target a single device or service to
overwhelm it. The difference lies in the source of the attack, not the number of targets.
Option D, "A DDoS attack is launched from multiple devices, while a DoS attack is launched from a
single device," is correct. This is the primary distinction between the two: a DDoS attack involves
multiple sources (e.g., a botnet), while a DoS attack originates from a single source.
The HPE Aruba Networking Security Guide states:
"A Denial of Service (DoS) attack is launched from a single device to overwhelm a target, such as a
server or network, making it unavailable to legitimate users. A Distributed Denial of Service (DDoS)
attack, in contrast, is launched from multiple devices, often a botnet of compromised systems, to
flood the target with traffic from many sources, making it harder to mitigate." (Page 20, DoS and
DDoS Attacks Section)
Additionally, the HPE Aruba Networking AOS-8 8.11 User Guide notes:
"The Wireless Intrusion Prevention (WIP) system can detect DoS and DDoS attacks. A DoS attack
originates from a single source, while a DDoS attack involves multiple sources working together to
overwhelm the target, such as a server or network infrastructure." (Page 423, WIP Threat Detection
Section)
References:
HPE Aruba Networking Security Guide, DoS and DDoS Attacks Section, Page 20.
HPE Aruba Networking AOS-8 8.11 User Guide, WIP Threat Detection Section, Page 423.