Detecting and Mitigating SQL Server Resolution Protocol DDoS Attacks

AB.

The correct answers are A. firewall and E. IPS.

Explanation:

A firewall is a device or software that controls access to a network. It can block incoming traffic that does not match the defined security policy. In this case, the Microsoft SQL Server Resolution Protocol was tampered with, which could have allowed the attacker to gain unauthorized access to the database servers. By using a firewall, the engineer can prevent such attacks by blocking traffic that is not authorized.

An Intrusion Prevention System (IPS) is a device or software that can detect and prevent attacks. It can detect and block malicious traffic in real-time, preventing the attacker from causing any damage. In this case, the attack was a DDoS attack, which means that the attacker used multiple systems to send a large volume of traffic to the target system, which caused the server to go down. An IPS can detect and block such traffic, preventing the attack from causing any damage.

Wireshark is a network protocol analyzer that can capture and display network traffic. While it can be used to analyze network traffic, it is not the best tool to detect and mitigate attacks in real-time.

Autopsy is a digital forensics tool used for analyzing hard drives and media images. It is not relevant for detecting and mitigating attacks in real-time.

SHA512 is a cryptographic hash function that is used for secure data transmission. While it is an important security tool, it is not relevant for detecting and mitigating attacks in real-time.

In summary, a firewall and an IPS are the best tools to detect and mitigate attacks in real-time, preventing the attacker from causing any damage to the network.