Question
A new international hacktivist group, based in London, launched wide-scale cyber attacks including SQL Injection and Cross-Site Scripting (XSS) across multiple websites hosted in Oracle Cloud Infrastructure (OCI). As an IT consultant, you must configure a Web Application Firewall (WAF) to protect these websites against such attacks.
How would you configure your WAF to protect the website against those attacks?
A. Enable an Access Rule to block the IP Address range from London.
B. Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories.
C. Enable a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings.
D. Enable a Protection Rule to block requests that came from London.
E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
Answer
E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
Explanation 1
The correct answer is E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
A WAF can be configured to protect against SQL injection and XSS attacks by enabling Protection Rules that contain XSS Filters Categories and SQL Filters Categories. These Protection Rules will block requests that contain malicious code that is associated with these attack vectors.
Option A: Enabling an Access Rule to block the IP Address range from London will not protect against SQL injection and XSS attacks. This is because these attacks can be launched from anywhere in the world.
Option B: Enabling an Access Rule that contains XSS Filters Categories and SQL Filters Categories will protect against these attacks. However, this is not the most granular way to configure the WAF.
Option C: Enabling a Protection Rule to block requests that came from London will not protect against SQL injection and XSS attacks. This is because these attacks can be launched from anywhere in the world.
Option D: Enabling a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings will not protect against these attacks. This is because not all attacks will contain these strings in the HTTP headers.
Therefore, the best way to configure the WAF to protect against SQL injection and XSS attacks is to enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
Here are some additional details about how to configure a WAF to protect against SQL injection and XSS attacks:
- The XSS Filters Categories and SQL Filters Categories are pre-defined sets of rules that can be used to block malicious code that is associated with these attack vectors.
- The WAF can be configured to block requests that contain any of the malicious code that is associated with these attack vectors.
- The WAF can also be configured to block requests that contain specific patterns of malicious code.
By configuring the WAF to block malicious code that is associated with SQL injection and XSS attacks, you can help to protect your websites from these types of attacks.
Explanation 2
For a situation where websites hosted on Oracle Cloud Infrastructure (OCI) need to be protected from cyber-attacks such as SQL Injection and Cross-Site Scripting (XSS), the most effective answer is:
E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
Oracle Cloud Infrastructure Web Application Firewall (WAF) protects against these activities. It enables customers to create and manage rules that help avoid internet threats, among which are XSS and SQL Injection. By enabling an XSS Filter Category and an SQL Filter Category, the WAF can identify and terminate XSS and SQL Injection attempts.
This is more effective than blocking IP addresses or regions (options A and D), as attacks can originate from anywhere and attackers frequently mask their locations. Similarly, attack attempts may not always contain XSS and SQL strings in HTTP Headers (option C), making this approach less reliable and less comprehensive.
Hence, by enabling a protection rule consisting of XSS Filters Categories and SQL Filters Categories (option E), the WAF can provide comprehensive protection against a broader range of SQL Injection and Cross-Site Scripting attempts, irrespective of the origin of the attack.
Explanation 3
The correct answer is E: Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
The question mentions that the websites are being attacked by SQL Injection and Cross-Site Scripting (XSS) attacks. In order to protect the websites against such attacks, the WAF needs to be configured with relevant filter rules.
Options A and D, blocking by IP address, are not recommended. Hackers can easily change their IP addresses to bypass such rules.
Options B and E are similar: they suggest enabling filter rules for XSS and SQL attacks. This is the recommended approach. Enabling the relevant filter categories for XSS and SQL will detect and block requests containing malicious XSS and SQL code.
Option C is incorrect. Protecting based on HTTP headers alone is not enough. The WAF needs specific filters for XSS and SQL attacks.
Therefore, the best option is E: Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories. This will detect and block the XSS and SQL Injection attacks most effectively.
Explanation 4
The correct answer is E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
A WAF is a type of security appliance that can be used to protect websites from a variety of attacks, including SQL injection and XSS. WAFs work by inspecting HTTP requests and blocking those that contain malicious code.
To protect a website against SQL injection and XSS attacks, you can enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories. These categories contain a list of common malicious strings that are used in these attacks. When a WAF encounters a request that contains one of these strings, it will block the request.
Option A is incorrect because it would only block requests from the IP address range of London. This would not protect the website against attacks from other locations.
Option B is incorrect because it would only block requests that contain the XSS and SQL strings in the HTTP headers. This would not protect the website against attacks that use other methods to inject malicious code.
Option C is incorrect because it would only block requests that contain the XSS and SQL strings in the HTTP headers. This would not protect the website against attacks that use other methods to inject malicious code.
Option D is incorrect because it would not block any requests. This is because a Protection Rule is used to block requests, while an Access Rule is used to allow or deny requests.
Therefore, the best way to configure a WAF to protect a website against SQL injection and XSS attacks is to enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
Explanation 5
To protect the websites hosted in Oracle Cloud Infrastructure (OCI) against SQL Injection and Cross-Site Scripting (XSS) attacks, you would configure the Web Application Firewall (WAF) by enabling a Protection Rule that contains XSS Filters Categories and SQL Filters Categories. The correct option is E.
SQL Injection and Cross-Site Scripting (XSS) are common attack vectors that target web applications. A Web Application Firewall (WAF) can help mitigate these attacks by filtering and blocking malicious traffic.
Option A suggests blocking the IP address range from London. While this may temporarily prevent attacks from the specific location, it does not address the actual attack vectors (SQL Injection and XSS) and may block legitimate users from accessing the websites.
Option B suggests enabling an Access Rule that contains XSS Filters Categories and SQL Filters Categories. However, Access Rules are typically used for controlling access to specific resources or IP addresses, rather than filtering specific types of attacks. Therefore, this option is not the most appropriate choice for protecting against SQL Injection and XSS attacks.
Option C suggests enabling a Protection Rule to block attacks based on HTTP Headers that contain XSS and SQL strings. While it is important to protect against attacks in HTTP headers, this option does not specifically address SQL Injection and XSS attacks. Additionally, blocking based on specific headers may have unintended consequences and impact legitimate traffic.
Option D suggests enabling a Protection Rule to block requests that came from London. Similar to Option A, this approach focuses on blocking requests from a specific location rather than addressing the specific attack vectors. It may also inadvertently block legitimate users.
Option E suggests enabling a Protection Rule that contains XSS Filters Categories and SQL Filters Categories. This option is the most appropriate choice for protecting against SQL Injection and XSS attacks. By enabling a Protection Rule with XSS Filters Categories, the WAF can detect and block malicious cross-site scripting attempts. Similarly, by enabling a Protection Rule with SQL Filters Categories, the WAF can detect and block SQL injection attempts. This approach focuses on filtering and blocking the specific attack vectors, providing effective protection for the websites hosted in OCI.
In summary, to protect the websites against SQL Injection and XSS attacks, you should enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories (Option E).
Explanation 6
The correct answer is E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
To protect against SQL Injection and Cross-Site Scripting (XSS) attacks, you can use a Web Application Firewall (WAF). A WAF is a security device that filters and blocks malicious traffic from reaching your website. You can configure a WAF to block specific types of attacks, such as SQL Injection and XSS.
To configure a WAF to protect against SQL Injection and XSS attacks, you need to enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories. XSS Filters Categories and SQL Filters Categories are lists of common attack patterns that can be used to identify and block malicious traffic.
When you enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories, the WAF will scan all incoming traffic for these attack patterns. If the WAF detects any of these attack patterns, it will block the traffic and prevent it from reaching your website.
Enabling a Protection Rule that contains XSS Filters Categories and SQL Filters Categories is the most effective way to protect your website against SQL Injection and XSS attacks.
Explanation 7
The correct answer is E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
A WAF can be configured to protect websites against SQL injection and XSS attacks by enabling Protection Rules that contain XSS Filters Categories and SQL Filters Categories. These categories contain patterns that are commonly used in these attacks, and the WAF will block requests that contain these patterns.
Option A: Enabling an Access Rule to block the IP address range from London will not protect against SQL injection and XSS attacks. These attacks can be launched from anywhere in the world, so blocking the IP address range from London will not prevent them.
Option B: Enabling an Access Rule that contains XSS Filters Categories and SQL Filters Categories will protect against SQL injection and XSS attacks. This is the most comprehensive option, as it will block requests that contain patterns that are commonly used in these attacks.
Option C: Enabling a Protection Rule to block requests that came from London will not protect against SQL injection and XSS attacks. These attacks can be launched from anywhere in the world, so blocking requests that came from London will not prevent them.
Option D: Enabling a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings will not protect against SQL injection and XSS attacks. This is because there are many other ways to launch these attacks, such as through the URL or the body of the request.
Therefore, the best way to configure a WAF to protect websites against SQL injection and XSS attacks is to enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
Explanation 8
As an IT consultant, my primary goal is to ensure the security and integrity of the websites hosted in Oracle Cloud Infrastructure (OCI). To protect these websites against wide-scale cyber attacks, including SQL Injection and Cross-Site Scripting (XSS), I would configure a Web Application Firewall (WAF) as follows:
B. Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories:
1. Enable an Access Rule that filters incoming traffic based on the IP address range of the attackers. This will help block any incoming requests from known attacker IP addresses.
2. Configure the Access Rule to filter traffic based on HTTP headers containing XSS and SQL strings. This will help detect and block any malicious requests that may contain malicious SQL or XSS code.
3. Add XSS Filters Categories to the Access Rule to detect and block any suspicious HTTP headers that may contain XSS attacks.
4. Add SQL Filters Categories to the Access Rule to detect and block any suspicious HTTP headers that may contain SQL injection attacks.
By configuring the WAF in this manner, we can effectively block any incoming traffic that may contain malicious SQL or XSS code, thereby protecting the websites hosted in OCI from these types of attacks.
Option A is not the best choice as it may block legitimate traffic from London, which could result in unnecessary downtime or errors.
Option C is not a viable option as it may not detect all types of XSS and SQL injection attacks.
Option D is not an effective solution as it may not block all incoming traffic from London, and may not detect all types of XSS and SQL injection attacks.
Option E is the correct answer as it involves configuring the WAF with XSS Filters Categories and SQL Filters Categories to effectively protect the websites hosted in OCI from these types of attacks.
Explanation 9
To protect the websites hosted in Oracle Cloud Infrastructure (OCI) against SQL Injection and Cross-Site Scripting (XSS) attacks launched by the hacktivist group, you would configure the Web Application Firewall (WAF) by enabling a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
The correct answer is:
E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
1. Web Application Firewall (WAF):
- A WAF is a security feature that protects web applications from various types of attacks, including SQL Injection and Cross-Site Scripting (XSS).
- It acts as a filter between the web application and the client, analyzing and blocking malicious traffic.
2. Protection Rules:
- Protection rules in the WAF define the actions to be taken when specific types of attacks are detected.
- In this scenario, to protect against SQL Injection and XSS attacks, a protection rule needs to be configured.
3. XSS Filters Categories and SQL Filters Categories:
- XSS Filters Categories: XSS filters are designed to detect and block malicious scripts injected into web pages, preventing them from being executed by client browsers.
- SQL Filters Categories: SQL filters are used to detect and block SQL injection attempts, where attackers try to manipulate SQL queries to gain unauthorized access to databases.
4. Configuration Recommendation:
- To protect the websites against SQL Injection and XSS attacks, you should enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
- This ensures that the WAF will apply the necessary filters to detect and block any malicious attempts related to XSS and SQL injection.
Therefore, to configure the WAF and protect the websites against SQL Injection and Cross-Site Scripting attacks, you need to enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
Explanation 10
The correct answer to the question is E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
Here is a detailed explanation of why this is the correct answer and why the other options are incorrect:
- Option A is incorrect because blocking the IP address range from London is not a reliable way to prevent SQL Injection and XSS attacks. Hackers can use proxies, VPNs, or other methods to mask their IP addresses and bypass the access rule. Moreover, this option may also block legitimate traffic from London that is not related to the attacks.
- Option B is incorrect because access rules are used to inspect HTTP request properties and return a defined HTTP response. They are not designed to detect and block SQL Injection and XSS attacks, which are based on the content of the requests. Access rules can only filter requests based on criteria such as IP addresses, countries, HTTP methods, headers, or user agents.
- Option C is incorrect because protection rules are used to inspect HTTP requests for malicious content and block them based on predefined protection capabilities. However, protection rules cannot block attacks based on HTTP headers alone, as they may contain false positives or false negatives. For example, an HTTP header that contains XSS or SQL strings may be part of a legitimate request or a benign test. Protection rules need to inspect the entire request body and parameters to accurately detect and block SQL Injection and XSS attacks.
- Option D is incorrect because protection rules cannot block requests based on geographic locations. As mentioned earlier, hackers can use proxies, VPNs, or other methods to mask their locations and bypass the protection rule. Moreover, this option may also block legitimate traffic from London that is not related to the attacks.
- Option E is correct because protection rules can block SQL Injection and XSS attacks by using predefined protection capabilities that contain XSS Filters Categories and SQL Filters Categories. These categories include various rules that detect common patterns of SQL Injection and XSS attacks in the request body and parameters, such as SQL keywords, commands, operators, comments, injections, encoding, evasion techniques, etc. By enabling these categories in the protection rule, you can effectively protect your websites against SQL Injection and XSS attacks.
Explanation 11
According to Oracle, Web Application Firewall (WAF) is a cloud-based, globally deployed security solution that protects web applications against cyberattacks. WAF can be configured to enable access rules and protection rules that filter the incoming traffic based on various criteria.
To protect the websites against SQL Injection and Cross-Site Scripting (XSS) attacks, you would need to enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories. This would block the requests that contain malicious payloads or scripts that attempt to exploit the web applications’ vulnerabilities. Therefore, the correct answer is E.
The other options are not correct because:
- A. Blocking the IP Address range from London would not prevent attackers from other locations or using proxies or VPNs.
- B. Access Rules are used to allow or deny traffic based on IP addresses, countries, HTTP headers, or request methods. They do not filter the traffic based on XSS or SQL categories.
- C. Protection Rules are based on predefined categories and conditions, not on custom HTTP headers. Also, XSS and SQL strings may not be present in the HTTP headers, but in the request body or URL parameters.
- D. Blocking requests that came from London would not prevent attackers from other locations or using proxies or VPNs.
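The comparison above, as an added illustration (not Oracle's rule engine and not code from this page): a toy request filter that runs a location-only rule, a header-only rule and a content-inspection rule over constructed requests and reports what each one misses or wrongly blocks. The two regexes are small stand-ins for the SQL and XSS filter categories, and mapping London to country code GB is an assumption.

```python
import re
from urllib.parse import unquote_plus

# Small stand-ins for the SQL and XSS filter categories (assumption: a real
# managed rule set is far larger and handles many more encodings).
SQLI = re.compile(r"\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+|'\s*--", re.I)
XSS = re.compile(r"<\s*script\b|\bon(?:error|load|click)\s*=|javascript\s*:", re.I)


def attack_types(text):
    """Return the attack categories whose patterns match the URL-decoded text."""
    decoded = unquote_plus(text)
    return [name for name, rx in (("SQLi", SQLI), ("XSS", XSS)) if rx.search(decoded)]


def geo_rule(req):
    """Options A/D: decide on source location only (London assumed to map to GB)."""
    return "BLOCK" if req["country"] == "GB" else "ALLOW"


def header_rule(req):
    """Option C: inspect HTTP header values only."""
    hit = any(attack_types(v) for v in req["headers"].values())
    return "BLOCK" if hit else "ALLOW"


def content_rule(req):
    """Option E: inspect URL parameters, request body and headers."""
    parts = [req["query"], req["body"], *req["headers"].values()]
    return "BLOCK" if any(attack_types(p) for p in parts) else "ALLOW"


UA = {"User-Agent": "Mozilla/5.0"}

# Constructed sample requests; hosts, parameters and countries are made up.
REQUESTS = [
    {"name": "london_shopper", "malicious": False, "country": "GB",
     "headers": UA, "query": "q=winter+boots", "body": ""},
    {"name": "sqli_in_query", "malicious": True, "country": "BR",
     "headers": UA, "query": "id=1%27+OR+1%3D1--", "body": ""},
    {"name": "xss_in_body", "malicious": True, "country": "US",
     "headers": UA, "query": "",
     "body": "comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E"},
    {"name": "sqli_in_header", "malicious": True, "country": "GB",
     "headers": {"Referer": "https://shop.example/item?id=1+UNION+SELECT+name+FROM+users"},
     "query": "", "body": ""},
]

POLICIES = {
    "geo_only": geo_rule,
    "header_only": header_rule,
    "content_inspection": content_rule,
}


def evaluate():
    """Per policy: attacks that got through and legitimate requests that were blocked."""
    report = {}
    for policy, rule in POLICIES.items():
        missed = [r["name"] for r in REQUESTS
                  if r["malicious"] and rule(r) == "ALLOW"]
        false_blocks = [r["name"] for r in REQUESTS
                        if not r["malicious"] and rule(r) == "BLOCK"]
        report[policy] = {"missed": missed, "false_blocks": false_blocks}
    return report


if __name__ == "__main__":
    for policy, result in evaluate().items():
        print(policy, result)
```

The location rule stops the one attack that happens to come from GB but also blocks the legitimate shopper; only the content-inspection rule catches all three attacks without touching benign traffic.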
Explanation 12
A Web Application Firewall (WAF) is a cloud-based service that protects applications from malicious and unwanted internet traffic. To configure a WAF to protect the websites against SQL Injection and Cross-Site Scripting (XSS) attacks, you need to enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories. Therefore, the correct answer is E.
Explanation 13
The correct answer to your question is E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
A Protection Rule is a set of protection capabilities that are used to determine if traffic should be logged, allowed, or blocked by the Web Application Firewall (WAF). The WAF provides a list of predefined Protection Rules that cover various types of attacks, such as SQL Injection, Cross-Site Scripting (XSS), Remote File Inclusion, and more. You can enable or disable these rules individually or by categories.
To protect your websites against SQL Injection and XSS attacks, you need to enable the Protection Rules that contain the XSS Filters Categories and SQL Filters Categories. These categories include rules that detect and block malicious requests that attempt to inject SQL commands or execute scripts on your web applications. You can also customize the action (log, allow, or block) and the exclusions for each rule.
The other options are not correct for the following reasons:
- A. Enable an Access Rule to block the IP Address range from London: An Access Rule is a rule that allows you to control access to your web applications based on various criteria, such as IP addresses, geographies, HTTP headers, and more. However, blocking the IP Address range from London is not a reliable way to protect your websites against SQL Injection and XSS attacks, because the attackers may use proxies, VPNs, or other methods to bypass the IP filtering.
- B. Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories: An Access Rule does not contain XSS Filters Categories and SQL Filters Categories. These are categories of Protection Rules, not Access Rules.
- C. Enable a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings: A Protection Rule does not allow you to specify custom criteria based on HTTP Headers. You can only enable or disable the predefined rules or categories provided by the WAF.
- D. Enable a Protection Rule to block requests that came from London: A Protection Rule does not allow you to block requests based on geographies. You can only use an Access Rule for that purpose.
Explanation 14
The correct answer is:
E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
To protect the websites hosted in Oracle Cloud Infrastructure (OCI) against SQL Injection and Cross-Site Scripting (XSS) attacks, you should enable a Web Application Firewall (WAF) and configure a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
- Web Application Firewall (WAF): A WAF is a security feature that sits between the client and the web server and monitors, filters, and blocks HTTP/HTTPS traffic to and from a web application. It helps protect the web application from various web-based attacks, including SQL Injection and Cross-Site Scripting (XSS).
- Protection Rules: WAF works based on rules that define how to handle different types of traffic. Protection Rules are the set of rules that you configure on the WAF to protect against specific types of attacks.
- XSS Filters Categories: Cross-Site Scripting (XSS) is an attack that injects malicious scripts into web pages viewed by other users. To prevent XSS attacks, you should enable a Protection Rule that contains XSS Filters Categories. These filters inspect the HTTP requests and responses for any malicious scripts and block them from reaching the web application.
- SQL Filters Categories: SQL Injection is an attack that allows an attacker to manipulate a web application’s SQL query by injecting malicious SQL code. To prevent SQL Injection attacks, you should enable a Protection Rule that contains SQL Filters Categories. These filters inspect the HTTP requests for any malicious SQL code and block them from reaching the web application.
By enabling a Protection Rule that contains both XSS Filters Categories and SQL Filters Categories, you provide a robust defense against XSS and SQL Injection attacks for the websites hosted in OCI. This approach helps ensure that malicious requests are filtered out before they reach the web application, protecting the websites from potential damage and data breaches.
The other options are not the best ways to protect against SQL Injection and Cross-Site Scripting (XSS) attacks:
A. Blocking the IP Address range from London (option A) would not be an effective approach as it might block legitimate traffic from that location and not necessarily protect against XSS and SQL Injection attacks.
B. Enabling an Access Rule with XSS Filters and SQL Filters Categories (option B) might provide some protection, but it is not as comprehensive as enabling a Protection Rule specifically designed to handle these types of attacks.
C. Blocking attacks based on HTTP Headers (option C) might help in some scenarios, but it might not be sufficient to protect against all XSS and SQL Injection attack vectors.
D. Blocking requests that come from London (option D) might be an overreaching solution, potentially blocking legitimate traffic from that location, and might not adequately protect against XSS and SQL Injection attacks.
In conclusion, to protect the websites against SQL Injection and Cross-Site Scripting (XSS) attacks, enable a Web Application Firewall (WAF) and configure a Protection Rule that contains both XSS Filters Categories and SQL Filters Categories. This will provide a robust and targeted defense against these specific types of web-based attacks.
Explanation 15
To configure a Web Application Firewall (WAF) in Oracle Cloud Infrastructure (OCI) to protect websites against SQL Injection and Cross-Site Scripting (XSS) attacks, the most appropriate option would be:
E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
Explanation:
Enabling a Protection Rule that contains XSS Filters Categories and SQL Filters Categories is the recommended approach to protect against SQL Injection and XSS attacks. XSS Filters Categories help detect and block malicious scripts injected into web pages, while SQL Filters Categories help prevent SQL Injection attacks by blocking SQL queries that contain malicious code.
Option A, enabling an Access Rule to block the IP Address range from London, may not be effective as the hacktivist group could use proxies or other methods to hide their true location.
Option B, enabling an Access Rule that contains XSS Filters Categories and SQL Filters Categories, is not the best choice because Access Rules are primarily used for controlling access to resources based on IP addresses or CIDR blocks, rather than providing specific protection against SQL Injection and XSS attacks.
Option C, enabling a Protection Rule to block attacks based on HTTP Headers that contain XSS and SQL strings, may not be sufficient as attackers can modify or obfuscate the headers to bypass this protection.
Option D, enabling a Protection Rule to block requests that came from London, is not recommended as it may block legitimate traffic from London and may not effectively prevent attacks originating from other locations.
Therefore, option E is the most appropriate choice as it focuses on protecting against SQL Injection and XSS attacks by using specific filters designed to detect and block malicious code.
Explanation 16
The correct answer is E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
To protect the websites against SQL injection and cross-site scripting (XSS) attacks, the best approach is to enable protection rules that are specifically tailored to those types of attacks.
Options A and D, blocking based on IP address or location, are not ideal approaches. Hackers can easily change their IP addresses or spoof locations.
Options B and C, enabling generic access or protection rules, are too broad. They may block legitimate traffic in addition to malicious attacks.
Option E, enabling a protection rule with XSS filters and SQL filters, is the most targeted and effective approach. The WAF can be configured with specific filters to detect and block known SQL injection and XSS attack patterns, while allowing normal traffic.
In summary, enabling protection rules with filters for the specific attack types (SQL injection and XSS in this case) is the best practice to configure a Web Application Firewall to protect against those attacks, while minimizing impact to legitimate users.
Reference
- Overview of Web Application Firewall (oracle.com)
- Web Application Firewall (oracle.com)
- Web Application Firewall (WAF) | Oracle Perú
- Getting Started with Web Application Firewall Policies (oracle.com)
- Oracle Cloud Infrastructure Web Application Firewall
Oracle Cloud Infrastructure 2022 Architect Professional 1z0-997-22 certification exam practice question and answer (Q&A) dump with detailed explanations and references, available free to help you pass the Oracle Cloud Infrastructure 2022 Architect Professional 1z0-997-22 exam and earn the Oracle Cloud Infrastructure 2022 Architect Professional 1z0-997-22 certification.