Oracle Cloud Infrastructure 2020 Architect Professional — Question 24

A new international hacktivist group, based in London, launched wide scale cyber attacks including SQL Injection and Cross-Site Scripting (XSS) across multiple websites which are hosted in Oracle Cloud Infrastructure (OCI). As an IT consultant, you must configure a Web Application Firewall (WAF) to protect these websites against the attacks.
How should you configure your WAF to protect the website against those attacks? (Choose the best answer.)

Answer options

• A. Enable a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings.
• B. Enable an Access Rule to block the IP Address range from London.
• C. Enable a Protection Rule to block requests XSS Filters Categories and SQL Filters Categories.
• D. Enable a Protection Rule to block requests that came from London.
• E. Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories.

Correct answer: C

Explanation

The correct answer is C because enabling a Protection Rule specifically for XSS Filters Categories and SQL Filters Categories directly addresses the types of attacks being executed. Options A, B, D, and E do not effectively target the vulnerabilities of SQL Injection and XSS, as they either rely on IP blocking or are not specifically tailored to the attack patterns.