Which FortiGate feature helps mitigate DDoS attacks?

Rate limiting is an essential feature for mitigating DDoS (Distributed Denial of Service) attacks as it helps control the amount of traffic that is allowed to reach a particular resource or application on the network. By enforcing limits on the number of requests or connections—whether per user, per IP address, or in total—rate limiting can significantly reduce the effectiveness of an overwhelming traffic surge that DDoS attacks typically generate.

This functionality ensures that legitimate users can access the services they need while simultaneously preventing malicious traffic from exhausting resources, thereby ensuring service availability. Rate limiting can be customized based on specific protocols or applications, making it a versatile tool in defending against various types of DDoS scenarios.

While the other options, such as Application Control, Intrusion Prevention System (IPS), and SSL Inspection, can provide broader network protection and improve security postures, they do not specifically address the ability to manage traffic volume effectively in the context of an active DDoS attack. Application Control focuses on regulating applications and their usage, IPS targets specific threats by identifying and blocking them, and SSL Inspection deals with encrypted traffic. However, none of these features directly limit the rate of incoming connections like rate limiting does.