WAF Flashcards

1
Q

F5 discovery questions

A
  • How important is it for you to have a predictable security budget?
  • Have you ever calculated the costs associated with keeping/maintaining dedicated resources for configuring F5?
2
Q

WAF highlights (CLARC)

A

COMPLIANCE for PCI DSS requirement 6.6 — Cloudflare’s WAF enables you to cost-effectively fulfill PCI compliance

LIGHTNING-fast 0.3 ms processing times, with instant global updates

AUTOMATIC protection from diverse threats, with strong default rule sets and extensive customization providing Layer 7 protection that is fully integrated with DDoS mitigation

REAL-time reporting — robust logging lets you see what’s happening instantaneously

CLOUD deployment with no hardware, software or tuning required

3
Q

Selling point: a robust rules engine to customize your needs

A

Our WAF runs ModSecurity rule sets out of the box, protecting you against the most critical web application security flaws as identified by OWASP. It can also handle your existing rule sets and custom rules. Rules become effective in under 30 seconds.

4
Q

Selling point: cloud deployment plus DDoS mitigation and CDN

A

As a cloud-based service, Cloudflare’s WAF requires no hardware or software to install and maintain. Deploy the WAF with a single click, customizing it to meet your needs.

Its integration into the overall Cloudflare service means you get additional functionality for free. You can secure your website against DDoS attacks and use our global content delivery network to make it run faster.

5
Q

What does Cloudflare WAF protect against?

A

SQL injection, cross-site scripting (XSS), and zero-day attacks, including OWASP-identified vulnerabilities and threats targeting the application layer.

6
Q

What’s our WAF’s false positive rate?

A

1/50,000,000

7
Q

Restrict by IP/geolocation

A

You can blacklist/whitelist traffic from specific IP addresses or countries to protect against hackers from those IPs or countries.

8
Q

Virtual patching

A

Fixes a vulnerability before you patch your server or update your code, allowing you more time to patch and test updates.

9
Q

URL-specific custom rule sets

A

Allows you to include/exclude specific URLs or subdomains for WAF protection to test domains or include/exclude specific subdomains.

10
Q

PCI certification

A

Cloudflare’s service has received Level 1 service provider certification.

11
Q

WAF settings

A

Block

Simulate (test for false positives)

Challenge (CAPTCHA)

Customizable block pages (customize the page a visitor sees when they’re blocked), ENT only
