Which of the following is true about denial-of-service attacks?

A denial-of-service attack specifically targets the availability of a network service by overwhelming a server with excessive requests or traffic, effectively tying up its communication ports. This prevents legitimate users from accessing the server, as it cannot respond to their requests. The nature of these attacks is to disrupt the normal functioning of the server or network, highlighting the critical risk they pose to organizational resources.

The scenario outlined in the correct response accurately reflects the mechanics of how denial-of-service attacks function, emphasizing their focus on unavailability rather than unauthorized access. This means they do not typically enable attackers to gain access to unprotected resources on the server, as the intent is not to breach security measures but to render the service unusable. Therefore, the first option encapsulates the primary characteristic of a denial-of-service attack, making it the correct choice.