WAF01 - Web Application Firewall - Foundation

Logs can be exported to...

(F)

If you want to create signed certificates with Let's Encrypt...

...the domain of the service must be reachable at port 443.
...the service must be in active mode. (F)

The WAF passive mode...

...allows traffic even if it triggers security violations.
...logs traffic that triggers security violations.

If you need to match a specific referer or parameter in an HTTP request, you need to use...

...an Extended Match rule.

(MC) In the One-Arm Proxy deployment...

...backend servers could be reached directly, bypassing the WAF.
...only the WAN interface is used for traffic.

(MC) The WAF active mode...

...can be configured as a global setting for all services.
...blocks traffic that triggers security violations.

In the 'Negative Security' model...

...everything is allowed unless blocked by the default policy

URL Normalization...

...must be enabled in the security policy in order to use it. (F)

In the Reverse Proxy operating mode...

...only requests are terminated at the WAF. Responses go directly to the clients (Direct Server Return).
...two different TCP connections are created for the request (Client>WAF and WAF>Server). (F)

In the 'Positive Security' model...

...only specific patterns are blocked. Everything else is allowed.
...changes to the web application not reflected in the WAF configuration might lead to false positives. (F)
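The three cards above (Negative Security, URL Normalization, Positive Security) describe the two WAF models and the normalization step that has to run before either of them. The following is an added example written for this page, not Barracuda code: a toy request filter that normalizes the URL (double percent-decoding, collapsing of `..` segments, lower-casing), then applies a deny-list (negative model) and an allow-list profile (positive model). The patterns, the `ALLOW_PROFILE` for `/login` and `/search`, and the sample URLs are all constructed for illustration. Running the deny-list with `normalize=False` shows the encoded payloads slipping past it; the allow-list shows the false positive that appears when the application gains a parameter the profile does not know.

```python
"""Added example (not from the page or from Barracuda): a toy request filter
that applies URL normalization first, then a negative-security deny-list
and a positive-security allow-list. Rule sets and sample URLs are constructed."""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Negative security: everything is allowed unless one of these patterns matches.
DENY_PATTERNS = [
    re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s*'?1'?\s*=\s*'?1"),  # SQL injection
    re.compile(r"(?i)<script\b"),                                        # reflected XSS
    re.compile(r"(?:^|/)\.\.(?:/|$)"),                                    # path traversal
]

# Positive security: a per-URL profile of the parameters the application is
# known to accept (what a WAF learns or an admin configures). Hypothetical.
ALLOW_PROFILE = {
    "/login":  {"user": re.compile(r"[a-z0-9_.-]{1,32}"), "pass": re.compile(r".{1,128}")},
    "/search": {"q": re.compile(r"[\w .-]{0,64}")},
}


def normalize_url(raw_url):
    """Decode percent-encoding twice (defeats double encoding), then collapse
    ./ and ../ segments and lower-case the path.
    Returns (decoded_path, decoded_query, canonical_path)."""
    parts = urlsplit(raw_url)
    decoded_path = unquote(unquote(parts.path))
    decoded_query = unquote(unquote(parts.query))
    canonical_path = posixpath.normpath(decoded_path).lower()
    return decoded_path, decoded_query, canonical_path


def negative_check(raw_url, normalize=True):
    """Deny-list model. With normalize=False the patterns run on the raw URL,
    which is how an encoded payload slips past them."""
    if normalize:
        path, query, _ = normalize_url(raw_url)
        subject = path + "?" + query
    else:
        subject = raw_url
    for pattern in DENY_PATTERNS:
        if pattern.search(subject):
            return False, "matched deny pattern %r" % pattern.pattern
    return True, "no deny pattern matched"


def positive_check(raw_url):
    """Allow-list model: the URL must be profiled and every parameter present
    must be known and well-formed. A parameter the application added after
    the profile was built is blocked, which is the false positive the
    flashcard describes."""
    _, _, canonical_path = normalize_url(raw_url)
    profile = ALLOW_PROFILE.get(canonical_path)
    if profile is None:
        return False, "URL %s is not in the profile" % canonical_path
    params = parse_qs(urlsplit(raw_url).query, keep_blank_values=True)
    for name, values in params.items():
        shape = profile.get(name)
        if shape is None:
            return False, "unexpected parameter %r" % name
        if not all(shape.fullmatch(v) for v in values):
            return False, "parameter %r does not match its allowed shape" % name
    return True, "request matches the profile"


SAMPLE_URLS = [  # constructed
    "/search?q=hello",
    "/search?q=%27%20OR%20%271%27%3D%271",        # encoded ' OR '1'='1
    "/static/%252e%252e/etc/passwd",              # double-encoded ../
    "/login?user=alice&pass=hunter2",
    "/login?user=alice&pass=hunter2&remember=1",  # new field not in profile
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url)
        print("  negative, raw:       ", negative_check(url, normalize=False))
        print("  negative, normalized:", negative_check(url))
        print("  positive:            ", positive_check(url))
```

Note that the positive model blocks the encoded SQL injection without any signature at all, because `'` is not in the allowed shape of `q`; the price is that `remember=1` is blocked too until the profile is updated.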

The Compression feature compresses...

...only the configured file types in HTTP requests for a specific service or content rule. (F)
...HTML, JavaScript, Java, and other text-based languages.

When an 'action' is changed in the global ACLs...

..all services sharing the same security policy are affected.

When Cookie Security is enabled and the Tamper Proof mode is set to 'Signed', the WAF sends the following to the client:

A cookie hash that is used to verify whether the cookie has changed. (F)

When protecting cookies, why can't Tamper Proof mode, set to 'Encrypted', always be used?

Because not all browsers can decrypt encrypted cookies. (F)

Select all the requirements for deploying the WAF in high availability.

Both systems must run the same firmware version.
Both systems must have at least one service configured. (F)

The WAF virtual appliance can be deployed using the following operating modes:

Bridge-Path (F)

The unit from which the "Join Cluster" procedure is initiated pushes its configuration to the other unit.

FALSE

Changing a service mode from passive to active is sufficient to activate Data Theft Protection.

False, a Bot mitigation policy is needed to activate this feature.

The supported authentication methods for credential stuffing / spraying are:

HTTP basic authentication
HTML form
JSON / AJAX request

(MC) What are the available untrusted levels in Exception Profiling?

High
Low
Medium

Dual authentication is only available...

If LDAP and KERBEROS are used as primary authentication services. (F)

What happens if a signed or encrypted cookie is tampered with before it is sent to the WAF?

If the WAF service mode is set to active, the WAF removes the tampered cookie, but the request will still be forwarded to the backend servers.

What is Brute Force protection?

It prevents attackers from forcefully breaking into the web application. It limits the maximum number of requests either from all sources or from a single IP address to a specific part of a web application within a configured interval.
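The card above defines Brute Force protection as a request cap, per source IP or across all sources, on a part of the application within a configured interval. The following is an added example, not Barracuda's implementation: a sliding-window guard with both limits, scoped to a URL prefix. The class name, parameter names and the replayed traffic are all constructed; the thresholds (5 per IP and 8 overall per 60 s on `/login`) are arbitrary.

```python
"""Added example (not Barracuda's code): a sliding-window brute force guard
that counts requests to a protected URL prefix per source IP and across all
sources within a configured interval. Names and thresholds are assumptions."""
import time
from collections import defaultdict, deque


class BruteForceGuard:
    def __init__(self, url_prefix, interval_s, max_per_ip, max_all_sources):
        self.url_prefix = url_prefix          # the part of the application to protect
        self.interval = interval_s            # sliding window length in seconds
        self.max_per_ip = max_per_ip          # limit for a single source address
        self.max_all = max_all_sources        # limit for all sources combined
        self.per_ip = defaultdict(deque)      # ip -> timestamps of counted requests
        self.all_sources = deque()            # timestamps of all counted requests

    def _prune(self, q, now):
        """Drop timestamps that have fallen out of the window."""
        while q and q[0] <= now - self.interval:
            q.popleft()

    def check(self, src_ip, path, now=None):
        """Return (allowed, reason). Requests outside the protected prefix are
        neither counted nor limited. Blocked requests are not counted either,
        so a source is released once its earlier requests leave the window."""
        if not path.startswith(self.url_prefix):
            return True, "outside protected scope"
        now = time.monotonic() if now is None else now
        own = self.per_ip[src_ip]
        self._prune(own, now)
        self._prune(self.all_sources, now)
        if len(own) >= self.max_per_ip:
            return False, "per-IP limit %d/%ds reached for %s" % (self.max_per_ip, self.interval, src_ip)
        if len(self.all_sources) >= self.max_all:
            return False, "all-sources limit %d/%ds reached" % (self.max_all, self.interval)
        own.append(now)
        self.all_sources.append(now)
        return True, "counted"


# Constructed traffic: (seconds, source IP, path). One client guesses passwords,
# two others arrive, then the first returns after the window has passed.
SAMPLE_EVENTS = [
    (0, "10.0.0.5", "/login"), (1, "10.0.0.5", "/login"), (2, "10.0.0.5", "/login"),
    (3, "10.0.0.5", "/login"), (4, "10.0.0.5", "/login"),
    (5, "10.0.0.5", "/login"),              # 6th attempt from the same IP
    (5.5, "10.0.0.5", "/static/logo.png"),  # not under /login, never limited
    (6, "10.0.0.6", "/login"), (7, "10.0.0.6", "/login"), (8, "10.0.0.6", "/login"),
    (9, "10.0.0.7", "/login"),              # fresh IP, but the all-sources cap is full
    (61, "10.0.0.5", "/login"),             # first IP again, outside the 60 s window
]


def run_demo(events=SAMPLE_EVENTS):
    """Replay the events through a fresh guard; returns the allow/deny decisions."""
    guard = BruteForceGuard("/login", interval_s=60, max_per_ip=5, max_all_sources=8)
    decisions = []
    for t, ip, path in events:
        allowed, reason = guard.check(ip, path, now=t)
        decisions.append(allowed)
        print("t=%5.1f %-9s %-17s %s (%s)" % (t, ip, path, "allow" if allowed else "BLOCK", reason))
    return decisions


if __name__ == "__main__":
    run_demo()
```

Whether blocked attempts should also be counted is a design choice: counting them keeps a persistent attacker locked out for as long as it keeps trying, while the variant above lets it resume as soon as its earlier requests age out of the window.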

Clustering is initiated using which interface?

LAN

What happens when you accept the suggestion of the "Fix button" of the Web Firewall logs?

Multiple services might be affected by the triggered configuration change.
The configuration of the WAF is changed according to the suggestion. (F)

What are security policies?

Pre-configured security settings to inspect HTTP requests and responses.

A JSON profile is required to inspect the JSON content of WebSocket.

TRUE

A security policy can be assigned to only one service. Additional security policies must be created if more services are added into the system.

TRUE (as given in the deck; this conflicts with the global ACL card above, which refers to several services sharing the same security policy: a Barracuda WAF security policy can be associated with more than one service)

The WebSocket policy can inspect the headers or text payload but not both at the same time.

TRUE

The default Bot mitigation policy created automatically for each service cannot be removed.

TRUE

What happens if multi-domain authentication is enabled and the user does not specify the domain before the username?

The WAF will use the 'Best match' policy to find which domain the user belongs to. (F)

The WAF configuration can be changed using:

The local shell access
The web interface
SSH (F)

The default password for the 'admin' user is:

The serial number of your Barracuda WAF.

A newly created service has the following security policy associated to it:

default

Access logs are disabled by default and must be enabled on the Service Configuration page.

false

Extended Match rules can only be used in Bot mitigation policies.

false

The Barracuda WAF is licensed by the number of web applications protected.

false

What is 'Sequential Match' in the rule evaluation order?

https://campus.barracuda.com//product/webapplicationfirewall/doc/95263987/rule-matching/

Data saved by the caching functionality is stored in the...

local memory

When the Encryption Tamper Proof mode is enabled, legitimate cookies might be blocked if the Max Cookie Value Length limit, specified in the Request Limits, is not changed accordingly.

true
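The Cookie Security cards (Tamper Proof 'Signed' and 'Encrypted', what happens to a tampered cookie in active mode, and the Max Cookie Value Length caveat just above) describe one mechanism from several angles. The following is an added example written for this page, not Barracuda's implementation. It signs cookies with an HMAC, encrypts them with an HMAC-SHA256 keystream plus MAC (a standard-library stand-in for a real authenticated cipher such as AES-GCM), checks the inbound Cookie header, and shows why an encrypted value can exceed a request limit sized for the plain value. The key, cookie names and values, and all function names are constructed.

```python
"""Added example (not Barracuda's implementation): Cookie Security in 'Signed'
and 'Encrypted' Tamper Proof modes, and what the inbound check does with a
tampered cookie in active versus passive service mode. Key, values and helper
names are constructed; encrypted mode uses an HMAC-SHA256 keystream plus a MAC
as a stdlib stand-in for an authenticated cipher."""
import base64
import hashlib
import hmac
import os

KEY = b"constructed-demo-key-not-for-production"


def _mac(key, *parts):
    return hmac.new(key, b"\x00".join(parts), hashlib.sha256).digest()


def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_cookie(name, value, key=KEY):
    """Signed mode: the value stays readable by the browser; a keyed MAC over
    the cookie name and value is appended so any edit is detectable."""
    return value + "." + _b64(_mac(key, b"signed", name.encode(), value.encode()))


def verify_signed(name, wire, key=KEY):
    """Return the original value, or None if the cookie was tampered with."""
    value, sep, _ = wire.rpartition(".")
    if not sep:
        return None
    expected = sign_cookie(name, value, key)
    return value if hmac.compare_digest(expected.encode(), wire.encode()) else None


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_cookie(name, value, key=KEY, nonce=None):
    """Encrypted mode: the browser sees only an opaque blob (nonce + ciphertext + MAC)."""
    nonce = os.urandom(16) if nonce is None else nonce
    plaintext = value.encode()
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return _b64(nonce + ciphertext + _mac(key, b"encrypted", name.encode(), nonce, ciphertext))


def decrypt_cookie(name, wire, key=KEY):
    """Return the original value, or None if the blob fails the MAC (tampered,
    wrong cookie name, wrong key, or simply not one of ours)."""
    try:
        raw = _unb64(wire)
    except ValueError:
        return None
    if len(raw) < 16 + 32:
        return None
    nonce, ciphertext, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"encrypted", name.encode(), nonce, ciphertext)):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext)))).decode(errors="replace")


def process_inbound(cookie_header, tamper_mode, service_mode, key=KEY):
    """Check every cookie in a request's Cookie header. Returns (cookies forwarded
    to the backend, log lines). Active mode drops a tampered cookie but still
    forwards the request; passive mode forwards it as received and only logs."""
    forwarded, log = {}, []
    for item in cookie_header.split(";"):
        if "=" not in item:
            continue
        name, wire = item.strip().split("=", 1)
        value = verify_signed(name, wire, key) if tamper_mode == "signed" else decrypt_cookie(name, wire, key)
        if value is not None:
            forwarded[name] = value   # signature/encryption stripped before forwarding
            continue
        log.append("cookie %r failed %s tamper-proof check (service mode %s)" % (name, tamper_mode, service_mode))
        if service_mode == "passive":
            forwarded[name] = wire    # logged only, passed through untouched
    return forwarded, log


def fits_request_limit(wire_value, max_cookie_value_length):
    """Request Limits apply to the on-the-wire value, which encryption inflates."""
    return len(wire_value) <= max_cookie_value_length


if __name__ == "__main__":
    signed = sign_cookie("session", "abc123")
    forged = "session=abc999" + signed[len("abc123"):]
    print("valid, active:    ", process_inbound("session=" + signed, "signed", "active"))
    print("tampered, active: ", process_inbound(forged, "signed", "active"))
    print("tampered, passive:", process_inbound(forged, "signed", "passive"))
    enc = encrypt_cookie("session", "abc123")
    print("encrypted length %d vs plain 6; fits a 64-char limit: %s" % (len(enc), fits_request_limit(enc, 64)))
```

The MAC covers the cookie name as well as the value, so a signed or encrypted value cannot be moved from one cookie to another. Note that a six-character session value becomes a 72-character blob in encrypted mode, which is the case in which a Max Cookie Value Length sized for the application's own cookies starts blocking legitimate requests.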

In which sub-policy is the 'Max Query Length' configured?

URL Normalization (F)

The HTTP POST request generated by a user attempting to log into a protected web application is blocked by the WAF. In which of the following is this request logged?

Web Firewall logs

(MC) What logs are available in the Barracuda WAF?

Web Firewall logs
Access logs
Audit logs
System logs
Network Firewall logs

What is Connection Pooling?

A set of open TCP connections between the WAF and the real servers.

What information is found in the Web Firewall logs?

All requests and responses.

What do you have to configure to enforce the antivirus scan for file uploads in some parts of your web applications?

Allow/Deny rules (F)

What is the correct process for creating Content Rules?

Create a new Content Rule in the Bot mitigation policies. Add the backend servers to the rule. (F)

What is the default time interval in which heartbeats are sent in a WAF cluster?

Every 3 seconds

Trusted Hosts can be used in which of the following cases?

To exempt specific traffic from security checks.

What is the purpose of Exception Profiling?

To fine-tune security policies associated with a service using heuristics
