A security engineer is reviewing log data and sees the output below:
POST: /payload.php HTTP/1.1
HTTP/1.1 403 Forbidden
Log: Access denied with 403. Pattern matches form bypass
Which of the following technologies was MOST likely being used to generate this log?
A. Host-based Intrusion Detection System
B. Web application firewall
C. Network-based Intrusion Detection System
D. Stateful Inspection Firewall
E. URL Content Filter
A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of
communication rules for a website and all visitors. It’s intended to be an application-specific firewall to prevent
cross-site scripting, SQL injection, and other web application attacks.
A: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It’s reliable for detecting
attacks directed against a host, whether they originate from an external source or are being perpetrated by a
user locally logged in to the host.
C: NIDS is reliable for detecting attacks directed against a host, whether they originate from an external source
or are being perpetrated by a user locally logged in to the host.
D: A stateful inspection firewall is aware that any valid outbound communication will trigger a corresponding
response or reply from the external entity.
E: URL filtering involves blocking websites (or sections of websites) based solely on the URL, restricting access
to specified websites and certain web-based applications.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 6, 19, 20, 21