A web team is moving a customer portal behind a new inspection device. They need something that can examine HTTP requests, block malicious patterns like injection attempts, and still allow normal browsing. Which control is most appropriate?

IDS, because it alerts on suspicious traffic without affecting application delivery.

An IDS can detect attacks, but it typically does not sit in the request path to block them.

DLP, because it can stop sensitive data from being posted to the portal.

DLP focuses on protecting data from unauthorized movement, not inspecting and blocking malicious web requests.

NAC, because it verifies whether devices are allowed onto the network.

NAC controls network admission for endpoints, not the content of HTTP requests sent to a web application.

What does this SY0-701 question test?

Static NAT maps one inside address to one outside address.

What is the correct answer to this question?

The correct answer is: WAF, because it understands web requests and can block malicious application-layer traffic. — A WAF is the most appropriate control because it operates at the web application layer and can inspect, allow, or block HTTP traffic based on application-aware rules. That makes it well suited for preventing injection attempts while still permitting normal browser traffic. It is a common control when a team needs stronger protection for a public-facing portal without changing the application itself. Why others are wrong: An IDS can detect suspicious traffic but is usually not the right inline blocker. DLP is about preventing unauthorized data exfiltration, not filtering web attacks. NAC manages who may connect to the network, but it does not evaluate the maliciousness of individual HTTP requests.

What should I do if I get this SY0-701 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.