Exam SY0-701 topic 1 question 8 discussion

B is the correct one B. WAF (Web Application Firewall) A. NGFW (Next-Generation Firewall) C. TLS (Transport Layer Security) D. SD-WAN (Software-Defined Wide Area Network)

A Web Application Firewall (WAF) is for ensuring the security of an HTTP application like WordPress, or Magneto against threats like SQL injection, or XSS.

A buffer overflow is an attack that exploits poor input handling in applications, allowing attackers to run malicious code or crash systems. A WAF helps protect against application-layer attacks like: Buffer overflows SQL injection Cross-site scripting (XSS)

SD-WAN

The correct answer is: B. WAF (Web Application Firewall) Explanation: A Web Application Firewall (WAF) is specifically designed to protect web applications by filtering and monitoring HTTP/HTTPS traffic between a web application and the Internet. It can: Detect and block common web exploits, including buffer overflows, SQL injection, cross-site scripting (XSS), etc. Help defend against application-layer attacks, like the one described in your scenario. Why not the others? A. NGFW (Next-Generation Firewall) While NGFWs provide deep packet inspection and application awareness, they are network-level defenses and not as tailored for protecting web applications from specific exploits like buffer overflows. C. TLS (Transport Layer Security) TLS encrypts data in transit but does not protect against buffer overflows or application-layer exploits. D. SD-WAN (Software-Defined Wide Area Network) SD-WAN is focused on network connectivity and performance, not application security or vulnerability mitigation.

WAF is the best solution for preventing application-specific attacks like buffer overflows

web APP fireeall

I can see why the "correct" answer is WAF, but the question is silly. Why use your WAF to try to block buffer overflow attacks? Why not have the application developers add or fix input validation on the web forms, which is what's really needed. How would you know what bit-length to restrict inputs to for your WAF rule without consulting the developers? And if you are consulting the developers about this, just have then fix it at the source. I'm all for defense in depth, but it doesn't seem realistic to try to block this at the WAF or NGFW.

The answer is B and not A because it says "internet-facing website was compromised." That is specifically what WAF's are designed for. Next-Gen's operate at Layer 7 and provide application-level inspection but are designed for network level protection across services.

NGFW is much more effective then WAF.

NGFW is the correct answer. When it comes to defending against buffer overflow attacks, a Next-Generation Firewall (NGFW) is generally more effective than a Web Application Firewall (WAF). Here's why: NGFW Capabilities: NGFWs provide deep packet inspection, advanced threat detection, and the ability to identify and block malicious traffic based on patterns and behaviors. They can also enforce security policies at the network level, which helps prevent exploitation attempts before they reach the application. WAF Limitations: While WAFs are designed to protect web applications by filtering and monitoring HTTP traffic, they primarily focus on application-layer attacks like SQL injection and cross-site scripting (XSS). Buffer overflow attacks, which often target vulnerabilities in software rather than web applications, may not be as effectively mitigated by a WAF.

A NGFW would better protect against buffer overflow attacks thanks to deep packet inspection and IDS/IPS. A WAF would protect better against SQL injections and XSS.

cuz its a web application fire, and it's main purpose is to protect web applications from external threats

A WAF inspects incoming and outgoing web traffic to detect and block malicious payloads that may exploit application vulnerabilities, such as buffer overflows.

b.WAF Web Application Firewall