Which statement differentiates a Web Application Firewall (WAF) from a traditional network firewall?

• A. A WAF caches web content to improve performance.
• B. A WAF filters traffic at the transport layer only.
• C. A WAF inspects HTTP/HTTPS traffic and applies application-layer rules.
• D. A WAF blocks physical access to network hardware.

Answer: (D)

A Web Application Firewall stands apart because it inspects HTTP/HTTPS traffic at the application layer, interpreting the actual web requests and applying rules based on web app behavior. This lets it see the URLs, query parameters, headers, cookies, and payloads, so it can block web-specific exploits like SQL injection and cross-site scripting. A traditional network firewall, on the other hand, focuses on filtering traffic by IPs, ports, and basic protocol details without understanding the meaning of the web data. The caching option isn’t the primary role of a WAF, which is why it’s not the best differentiator, and blocking physical access to hardware is outside the firewall’s purpose.