Which of the following is a true characteristic of DoS attacks?

The key idea is about availability. A DoS attack is designed to exhaust the target’s resources—such as bandwidth, CPU, memory, or a limited number of concurrent connections—so legitimate users can’t access the service. This disruption to service is the defining feature, not stealing data or leaking information. So the statement that describes exhausting resources to make the service unavailable best captures what a DoS attack aims to do. For context, attackers might flood bandwidth with a volumetric attack, overwhelm application logic with many requests, or exhaust connection tables or processing power. These actions disrupt service rather than expose confidential data, which is why choices mentioning confidentiality, data leakage, or “harmlessness” don’t fit.