NSE4 Question #314: Real Exam Question with Answer & Explanation

The correct answer is B: SQL injection attacks. A Web Application Firewall (WAF) profile can block various application-layer attacks and control data flows specific to web applications.

Submitted by minji_kr· Apr 18, 2026Security Profiles and Content Inspection

Question

What traffic and attacks can be blocked by a web application firewall (WAF) profile? (Choose three.)

Options

ATraffic to inappropriate web sites
BSQL injection attacks
CServer information disclosure attacks
DCredit card data leaks
ETraffic to botnet command and control (C&C) servers

Explanation

A Web Application Firewall (WAF) profile can block various application-layer attacks and control data flows specific to web applications.

Common mistakes.

A. Blocking traffic to inappropriate web sites is typically a function of URL filtering or web filtering, not a primary capability of a WAF profile.
D. Credit card data leaks are primarily prevented by Data Loss Prevention (DLP) systems, which inspect content for sensitive information, rather than by a WAF.

Concept tested. WAF attack protection capabilities

Reference. https://docs.fortinet.com/document/fortiweb/7.0.0/administration-guide/155708/web-application-firewall-waf

Topics

#Web Application Firewall#Application Security#SQL Injection#Information Disclosure

Community Discussion

No community discussion yet for this question.

Full NSE4 Practice Browse All NSE4 Questions