312-50V13 Question #351: Real Exam Question with Answer & Explanation

Question

Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks?

Options

• AData-driven firewall
• BPacket firewall
• CWeb application firewall
• DStateful firewall

Explanation

Web Application Firewalls (WAFs) operate at the application layer (Layer 7) and are specifically designed to inspect HTTP/HTTPS traffic, making them capable of detecting and blocking SQL injection attacks by analyzing the content of web requests against known attack patterns and signatures.

Why the distractors are wrong:

• A. Data-driven firewall – This type filters traffic based on the actual data content flowing through a network, but it is not specifically engineered to identify application-layer exploits like SQL injection.
• B. Packet firewall – Operates at the network layer, examining packet headers (IP addresses, ports) rather than payload content, so it cannot inspect or understand SQL injection strings embedded in requests.
• D. Stateful firewall – Tracks the state of active connections and makes decisions based on connection context, but it still lacks the deep application-layer inspection needed to detect SQL injection patterns.

Memory Tip: Think "WAF = Web App Fighter" - whenever you see an attack targeting a web application (like SQL injection, XSS, or CSRF), the Web Application Firewall is your go-to answer, because it's the only firewall type that "reads" and understands the actual content of web traffic.

No community discussion yet for this question.