Comptia Security Plus Mock Test Q27

Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model?

A. WAF
B. NIDS
C. Routers
D. Switches

Correct Answer: A
Section: Network Security

Explanation:
A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.
As the protocols used to access a web server (typically HTTP and HTTPS) run in layer 7 of the OSI model, then web application firewall (WAF) is the correct answer.

Incorrect Answers:
B: A NIDS (Network Intrusion Detection System) operates in layer 2 of the OSI model, not layer 7.
C: Routers operate in layer 3 of the OSI model, not layer 7.
D: Switches operate in layer 2 of the OSI model, not layer 7.

References:
https://owasp.org/index.php/Web_Application_Firewall
http://en.wikipedia.org/wiki/OSI_model