Denial-of-service scenarios in CloudNetX test whether you can recognize availability attacks and choose layered mitigations that match the attack type and environment constraints. This episode defines DDoS as distributed traffic intended to overwhelm bandwidth, infrastructure capacity, or application resources, and it defines SYN floods as attacks that exhaust connection state by initiating many incomplete TCP handshakes. The first paragraph focuses on recognition patterns: sudden spikes in connection attempts, rising latency and timeouts, error rates increasing under otherwise normal conditions, and resource exhaustion that disproportionately affects stateful devices. It explains that mitigation choices depend on whether the constraint is bandwidth saturation, state table exhaustion, or application-layer overload, and it introduces the concept that defenses must be placed upstream enough to reduce load before it reaches critical resources.