Exam SY0-701 topic 1 question 296 discussion

Actual exam question from CompTIA's SY0-701
Question #: 296
Topic #: 1

A security team is addressing a risk associated with the attack surface of the organization's web application over port 443. Currently, no advanced network security capabilities are in place. Which of the following would be best to set up? (Choose two.)

  • A. NIDS
  • B. Honeypot
  • C. Certificate revocation list
  • D. HIPS
  • E. WAF
  • F. SIEM
Suggested Answer: AE

Comments

c7b3ff0
Highly Voted 6 months, 1 week ago
Selected Answer: AE
I'm going A and E. F would be a good thing to implement too, but the question is asking specifically for advanced network capabilities and a SIEM does a lot more than just that. NIDS and WAF are the network-focused options I think it wants us to choose.
upvoted 5 times
...
9149f41
Most Recent 2 months, 4 weeks ago
Selected Answer: AE
Apologies, the question says for web application, so HIPS is not the answer.
upvoted 1 times
...
9149f41
2 months, 4 weeks ago
Selected Answer: DE
Out of all the options, only HIPS and WAF are helpful for prevention. WAF is used for both detection and prevention. The question says Advanced Network Security Capability. To me it is not relevant enough with SIEM or NIDS, as it does not protect the system.
upvoted 2 times
...
fc040c7
2 months, 4 weeks ago
Selected Answer: AE
If we are going off of network security, NIDS will monitor the whole network as opposed to just one host (HIPS), and a WAF protects the web application.
upvoted 1 times
...
ProudFather
4 months, 3 weeks ago
Selected Answer: EF
A Web Application Firewall (WAF) is specifically designed to protect web applications from attacks such as SQL injection, cross-site scripting, and cross-site request forgery. It can filter and block malicious traffic, protecting the web application from vulnerabilities. A Security Information and Event Management (SIEM) system can be used to monitor network traffic and identify potential security threats. By analyzing logs from various sources, including the WAF, the SIEM can detect and respond to attacks in real-time.
upvoted 3 times
...
c7b3ff0
6 months, 1 week ago
Selected Answer: DE
Changing my previous answer. D&E. WAF protects the web application by filtering and monitoring HTTP/HTTPS traffic (port 443 is HTTPS). A HIPS installed on the web application's server will monitor/analyze activity with the ability to detect and prevent exploitation of vulnerabilities.
upvoted 4 times
...
Ty13
7 months ago
Selected Answer: AE
A. NIDS
E. WAF
They're asking for setting things up. So set up a WAF and then a NIDS - anomalies would alert admins to take action. SIEM is good because it's still collecting data, but it's more about overall data security whereas NIDS is specifically for the network.
upvoted 3 times
...
Szajba123
7 months, 2 weeks ago
Selected Answer: EF
Why:
E. WAF (Web Application Firewall): A WAF is specifically designed to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It can help prevent attacks such as SQL injection, cross-site scripting (XSS), and other common web-based threats. Setting up a WAF on port 443 (which is used for HTTPS traffic) would directly address risks associated with web application vulnerabilities.
F. SIEM (Security Information and Event Management): A SIEM system collects and analyzes security data from across the network, including logs and events from the web application. It provides real-time analysis, helps in detecting anomalies, and assists in responding to potential threats. This would complement the WAF by providing a broader view of security incidents and facilitating incident response.
upvoted 2 times
...
ef5549f
8 months ago
GPT: A & E
upvoted 1 times
...
a4e15bd
8 months, 1 week ago
Selected Answer: DE
Changing my previous answer. I go with D & E. Together these two tools should provide a comprehensive defense securing both the application and the underlying server.
upvoted 3 times
...
cri88
8 months, 1 week ago
Selected Answer: AE
E. WAF (Web Application Firewall)
A. NIDS (Network Intrusion Detection System)
Explanation:
E. WAF (Web Application Firewall): A WAF specifically protects web applications by filtering and monitoring HTTP/HTTPS traffic between a web application and the internet. It can help detect and block attacks targeting the web application, such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities.
A. NIDS (Network Intrusion Detection System): NIDS monitors network traffic for suspicious activity and potential threats. Deploying NIDS can help detect malicious activity at the network level, including attempts to exploit vulnerabilities over port 443.
These two options would significantly enhance the security of the web application by providing both application-level protection (WAF) and network-level monitoring (NIDS).
upvoted 2 times
...
nyyankee718
8 months, 2 weeks ago
Selected Answer: AE
Could be A and F also? NIDS (Network Intrusion Detection System): This system monitors network traffic for potential malicious activity, including attempts to exploit vulnerabilities in the web application. While it primarily detects rather than prevents, it provides valuable insights into potential threats and alerts the security team.
upvoted 3 times
...
mr_reyes
8 months, 2 weeks ago
Doesn't SIEM only monitor and report, not actually prevent? Wouldn't HIPS be more appropriate?
upvoted 3 times
...
a4e15bd
8 months, 2 weeks ago
WAF and SIEM are correct answers.
upvoted 3 times
...