CAS-003 · Question #150
CAS-003 Question #150: Real Exam Question with Answer & Explanation
The correct answer is A: WAF.
Question
Options
- A. WAF
- B. Input validation
- C. SIEM
- D. Sandboxing
- E. DAM
Explanation
The attack in this question is an XSS (cross-site scripting) attack. We can prevent this attack by using a Web Application Firewall (WAF). A WAF protects a Web application by controlling its input and output and the access to and from the application. Running as an appliance, server plug-in or cloud-based service, a WAF inspects every HTML, HTTPS, SOAP and XML-RPC data packet. Through customizable inspection, it is able to prevent attacks such as XSS, SQL injection, session hijacking and buffer overflows, which network firewalls and intrusion detection systems are often not capable of doing. A WAF is also able to detect and prevent new, unknown attacks by watching for unfamiliar patterns in the traffic data. A WAF can be either network-based or host-based and is typically deployed through a proxy and placed in front of one or more Web applications. In real time or near-real time, it monitors traffic before it reaches the Web application, analyzing all requests using a rule base to filter out potentially harmful traffic or traffic patterns. Web application firewalls are a common security control used by enterprises to protect Web applications against zero-day exploits, impersonation and known vulnerabilities and attackers.