Oracle Cloud Infrastructure 2022 Architect Professional — Question 11

A new international hacktivist group, based in London, launched wide scale cyber attacks including SQL Injection and Cross-Site Scripting (XSS) across multiple websites hosted in Oracle Cloud Infrastructure (OCI). As an IT consultant, you must configure a Web Application Firewall (WAF) to protect these websites against such attacks.
How would you configure your WAF to protect the website against those attacks?

Answer options

• A. Enable an Access Rule to block the IP Address range from London.
• B. Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories.
• C. Enable a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings.
• D. Enable a Protection Rule to block requests that came from London.
• E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.

Correct answer: E

Explanation

The correct answer, E, is appropriate because it directly targets the specific types of attacks (XSS and SQL Injection) by applying the relevant filters, ensuring comprehensive protection. Options A and D are ineffective since blocking traffic based solely on location does not address the attacks themselves. Options B and C suggest using access rules or HTTP headers, which are not as effective as the targeted protection rules in option E.