On July 25, 2025, during a security assessment at Apex Technologies in Boston, Massachusetts, ethical...

A load balancer is the best match because the key mitigation behavior described is distributing incoming traffic across multiple servers to prevent any single system from being overwhelmed. In CEH coverage of availability attacks, one of the most practical architectural defenses against flooding-based DoS and DDoS is to scale horizontally and place a load-balancing layer in front of a server pool. This allows the organization to absorb spikes by spreading connections and requests across multiple backend nodes, improving resilience and maintaining uptime.

The scenario also mentions filtering malicious requests. Modern load balancers commonly provide health checks, rate limiting, connection limiting, and integration with access control rules, and they are often deployed alongside DDoS scrubbing or edge protections. Even when the filtering logic is implemented through integrated security policies or upstream services, the defining characteristic in the prompt is traffic distribution across multiple servers, which is a primary function of load balancing and a common CEH-referenced mitigation strategy for volumetric attacks.

A web application firewall focuses on inspecting and blocking malicious HTTP and application-layer payloads such as injection, request anomalies, and known attack patterns, but it is not primarily responsible for distributing traffic across multiple servers. An IPS can block suspicious patterns and exploit attempts, yet it does not typically provide the core traffic distribution function described. A traditional firewall enforces network-level rules and may help with rate limits, but it does not inherently balance traffic across a server farm. Therefore, the most likely tool in use here is a load balancer.