A public web application is seeing bursts of requests that contain SQL metacharacters, encoded script tags, and attempts to POST to administrative endpoints. The team wants a control that can inspect HTTP traffic and block the malicious requests before they reach the app. What should be deployed?

An endpoint detection and response agent on the web server only

EDR helps detect malicious activity on the host, but it does not provide dedicated inline inspection of web requests at the perimeter.

A data loss prevention rule on the email gateway

DLP focuses on protecting sensitive data from leaving the organization and is not built to block hostile web requests.

A network access control system for user authentication

NAC controls device access to the network, but it does not inspect application-layer web payloads for injection attempts.

What does this SY0-701 question test?

Static NAT maps one inside address to one outside address.

What is the correct answer to this question?

The correct answer is: A web application firewall in front of the application — A web application firewall is the best fit because it can analyze HTTP and HTTPS traffic at the application layer and block patterns commonly associated with SQL injection, XSS, and malicious administrative requests. It provides a control point before the traffic reaches the web server, which is exactly what the team wants. While other tools may alert or help elsewhere, a WAF is purpose-built for this kind of inline web protection. Why others are wrong: EDR is useful for host-level detection, but it is not a front-line web request filter. DLP is aimed at preventing sensitive data exfiltration, not inspecting hostile payloads. NAC regulates which devices connect to the network, but it does not make decisions about the content of HTTP requests to a public web application.

What should I do if I get this SY0-701 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.