🛡️ Free practice test question from: WAF (Layer 7) (Security+)

A WAF operates at Layer 7 (Application Layer): This is the key distinction. Traditional firewalls and IDS primarily operate at lower layers (Network and Transport layers), dealing with IP addresses, ports, and protocols. They don't have a deep insight into the content of HTTP/S requests. A WAF, on the other hand, understands the application-level protocol (HTTP/S) and can inspect the actual data being sent in requests and responses.  

Targeting and blocking malicious payloads: This is how a WAF mitigates attacks like XSS and SQL injection. It looks for specific patterns and signatures associated with these attacks within the HTTP/S traffic. For example, it can identify SQL injection attempts by looking for suspicious SQL keywords in user inputs or detect XSS attempts by searching for potentially malicious JavaScript code embedded in requests. When malicious payloads are detected, the WAF can block the request, preventing the attack from reaching the web application

A) A WAF encrypts all outgoing HTTP/S traffic: Encryption is handled by TLS/SSL protocols, not specifically by a WAF. While a WAF can work in conjunction with encryption, its primary function is not encryption itself.

B) A WAF distributes incoming web traffic across multiple servers: This describes a load balancer, not a WAF. While some advanced WAF solutions might include load balancing capabilities, it's not their core function.

C) A WAF monitors network traffic for suspicious patterns and alerts administrators of potential intrusions without actively blocking them: This describes an Intrusion Detection System (IDS), not a WAF. A WAF is primarily an Intrusion Prevention System (IPS) for web applications, meaning it actively blocks malicious traffic.