Practice free →
HomeB.Tech Cyber SecuritycybersecurityNetwork Security › A WEB APPLICATION FIREWALL (WAF) sits at which l…

A WEB APPLICATION FIREWALL (WAF) sits at which layer of the network?

APhysical (Layer 1 cabling)
BApplication (L7), HTTP inspection
CData Link (Layer 2 frames)
DTransport (Layer 4 segments)
Answer & Solution
Correct answer: B. Application (L7), HTTP inspection
1. WAF: a Layer 7 (application) firewall that understands HTTP/HTTPS semantics. 2. INSPECTS: URLs, headers, cookies, request body, response body — and can block malicious patterns. 3. PROTECTS AGAINST: SQL injection, XSS, file inclusion, command injection, OWASP Top 10 in general. 4. DEPLOYMENT: • Reverse proxy (e.g. ModSecurity in front of nginx, AWS WAF, Cloudflare). • Inline appliance. • Embedded in an API gateway. 5. LIMITS: rule-based, signature-driven; can be bypassed with encoding tricks. Should be ONE LAYER in defense in depth, not the only one. _Source: OWASP WAF Project + NIST SP 800-95 reference._
Solve this in the app — B.Tech Cyber Security practice & 24k+ MCQs →
Related questions