A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Choose two.)
Answer: (B) NIPS and (D) WAF
A WAF or web application firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model).
A network intrusion protection system (NIPS) is an umbrella term for a combination of hardware and software systems that protect computer networks from unauthorized access and malicious activity. NIPS consists of NIDS and IPS. WAF is a firewall. NIPS can operate up to layer 7 by passing or allowing traffic
A NIDS is used to identify and log hosts and applications and to detect attack signatures, password guessing attempts, port scans, worms, backdoor applications, malformed packets or sessions, and policy violations (ports or IP addresses that are not permitted, for instance). You can use analysis of the logs to tune firewall rulesets, remove or block suspect hosts and processes from the network, or deploy additional security controls to mitigate any threats you identify.
- B. NIPS (Network Intrusion Prevention System): A NIPS is an intrusion detection system that can actively block and prevent detected threats. It operates at Layer 7 of the OSI model, just like NIDS (Network Intrusion Detection System). However, NIPS goes beyond detection and takes proactive measures to block potential attacks at the network level.
- D. WAF (Web Application Firewall): A WAF is a security control that operates at Layer 7 of the OSI model. It is specifically designed to monitor, filter, and block HTTP/HTTPS traffic to and from web applications. By doing so, it can prevent web-based attacks, such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities.
Why A is wrong according to ChatGPT:
A. HIDS (Host Intrusion Detection System): HIDS operates on individual hosts or endpoints and is not specifically focused on Layer 7 protection. It is not designed to block network-based attacks.
Hilarious. ChatGPT4 actually selected WAF and HIDS, claiming NIPS & NIDS operate at the network layer. Of course, HIDS can't be right because it's for a host, not a network. Go figure.
The two security controls that can block an attack at Layer 7 are:
D. WAF (Web Application Firewall): A WAF is a Layer 7 security control that sits between a web application and the internet, inspecting all incoming and outgoing traffic. It can block attacks targeting web applications, such as SQL injection, cross-site scripting (XSS), and remote file inclusion (RFI), by examining the content of HTTP requests and responses and blocking any that match predefined rules.
B. NIPS (Network Intrusion Prevention System): A NIPS is a Layer 7 security control that can inspect and block attacks targeting specific network protocols and applications. It can identify and block attacks at the network layer, transport layer, and application layer, including Layer 7. NIPS uses signature-based detection and behavioral analysis to detect and block known and unknown attacks.
Therefore, options B (NIPS) and D (WAF) are the correct answers. The other options, including HIDS, HSM, NAC, and NIDS, do not specifically target Layer 7 and may not be effective at blocking attacks targeting specific applications or protocols.
I initially was going to say NIPS as well. Yes, a NIPS blocks traffic, but it says at Layer 7. I'm pretty sure NIPS operates on layer 3, I believe. So that would mean I'm guessing the answer is D and E.
B & D.
* Network access control (NAC) is typically implemented at either the data link (layer two) or network layer (layer three) of the open standards interconnection model. Enforcement mechanisms vary between different products, and some have multiple options.
IDS are designed to detect/alert to events, but not to block or take action. Because the scenario asked for a security control that will block traffic, any IDS option (HIDS or NIDS) should not be selected. IPS options will be prioritized, or firewalls (WAF).
D. WAF (Web Application Firewall) and E. NAC (Network Access Control) can block attacks at Layer 7.
A HIDS (Host-based Intrusion Detection System) is a security system that monitors and analyzes the logs and events on a single host for signs of potential attacks or malicious activity. It operates at the host level, rather than at the network level, and therefore cannot block attacks at Layer 7.
A NIPS (Network Intrusion Prevention System) is a security system that analyzes network traffic in real-time to identify and prevent potential attacks or malicious activity. It operates at the network level, rather than at the host level, and therefore cannot block attacks at Layer 7.
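The two distinctions this discussion turns on, shown as an added example (not part of the original thread and not any product's code): a control that decides on addresses and ports never sees the request content, while a Layer 7 control parses the HTTP request, and the same Layer 7 match only alerts in detection mode but blocks in prevention mode. All function names, signatures and sample requests are constructed for illustration, and the payloads are shown as plain HTTP on port 80.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample traffic: same source and port, different request content.
PACKETS = [
    {"src": "203.0.113.10", "dport": 80,
     "payload": "GET /item?id=42 HTTP/1.1\r\nHost: shop.example\r\n\r\n"},
    {"src": "203.0.113.10", "dport": 80,
     "payload": "GET /item?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1\r\n"
                "Host: shop.example\r\n\r\n"},
    {"src": "203.0.113.10", "dport": 80,
     "payload": "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1\r\n"
                "Host: shop.example\r\n\r\n"},
]

# Illustrative signatures only (assumption); real rule sets are far broader.
SIGNATURES = {
    "sqli": re.compile(r"'\s*or\s*'?\d*'?\s*=", re.I),
    "xss": re.compile(r"<\s*script\b", re.I),
}

def l3_l4_filter(pkt, allowed_ports=(80, 443)):
    """Packet-filter view: decides on the port, never reads the payload."""
    return "allow" if pkt["dport"] in allowed_ports else "drop"

def l7_inspect(pkt, mode):
    """Layer 7 view: parse the request line, decode parameters, match signatures.
    mode='detect' models an IDS (alert only); mode='prevent' models an IPS/WAF."""
    request_line = pkt["payload"].split("\r\n", 1)[0]
    _method, target, _version = request_line.split(" ", 2)
    params = parse_qsl(urlsplit(target).query)  # percent-decodes each value
    hits = sorted({name for _key, value in params
                   for name, rx in SIGNATURES.items() if rx.search(value)})
    if not hits:
        return "allow", hits
    return ("block" if mode == "prevent" else "alert"), hits

def compare(packets=PACKETS):
    """Per packet: (L3/L4 decision, L7 detect-mode decision, L7 prevent-mode decision)."""
    return [(l3_l4_filter(p), l7_inspect(p, "detect")[0], l7_inspect(p, "prevent")[0])
            for p in packets]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

For HTTPS traffic, the Layer 7 inspection shown here only works where the control terminates or otherwise decrypts TLS.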