A security architect has deployed a new Web Application Firewall (WAF) to protect the company's public-facing e-commerce platform. To justify the investment and ensure the control is working as intended, the architect must present a report on the WAF's effectiveness. Which of the following sets of metrics is MOST relevant for evaluating the security effectiveness of the WAF?
CPU utilization, memory consumption, and network latency of the WAF appliance.
Total number of user sessions, daily transaction volume, and average page load time.
Number of deployed firewall rules, time since last policy update, and administrator login frequency.
Number of blocked requests, false positive rate, and threat classification accuracy.
The most relevant metrics for evaluating a WAF's security effectiveness are those that directly measure its ability to identify and block threats while allowing legitimate traffic. The number of blocked requests shows the WAF is actively stopping potential attacks. The false positive rate is crucial for ensuring the WAF does not disrupt business by blocking legitimate users. Threat classification accuracy confirms the WAF is correctly identifying different types of attacks (like SQLi, XSS). While system health metrics (CPU/memory), business metrics (transactions), and operational metrics (rule updates) are important for overall management, they do not directly measure the WAF's primary security function of blocking malicious traffic effectively.
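The three metrics named in the explanation above, computed over a small labelled sample. This is an added example, not part of the original question, and the log format, field names and sample lines are constructed for illustration. It assumes false positive rate means blocked legitimate requests divided by all legitimate requests, and classification accuracy means correctly labelled attacks among the attacks that were blocked.

```python
# Constructed sample: WAF decisions joined with ground truth from a labelled
# replay test. The field names (truth, action, class) are assumptions.
SAMPLE = """\
truth=benign action=allow class=-
truth=benign action=allow class=-
truth=benign action=allow class=-
truth=benign action=block class=sqli
truth=sqli action=block class=sqli
truth=sqli action=block class=sqli
truth=sqli action=allow class=-
truth=xss action=block class=xss
truth=xss action=block class=sqli
truth=xss action=block class=xss
"""


def parse(text):
    """Turn 'key=value key=value' lines into dicts, skipping blank lines."""
    return [dict(field.split("=", 1) for field in line.split())
            for line in text.splitlines() if line.strip()]


def ratio(numerator, denominator):
    """Return None instead of dividing by zero when a bucket is empty."""
    return numerator / denominator if denominator else None


def waf_metrics(events):
    benign = [e for e in events if e["truth"] == "benign"]
    attacks = [e for e in events if e["truth"] != "benign"]
    blocked = [e for e in events if e["action"] == "block"]
    false_pos = [e for e in benign if e["action"] == "block"]
    true_pos = [e for e in attacks if e["action"] == "block"]
    # A blocked attack counts as correctly classified only if the WAF's
    # label matches the ground-truth attack type.
    correct = [e for e in true_pos if e["class"] == e["truth"]]
    return {
        "blocked_requests": len(blocked),
        "false_positive_rate": ratio(len(false_pos), len(benign)),
        "classification_accuracy": ratio(len(correct), len(true_pos)),
        # Extra figure, not one of the three metrics in the answer:
        "missed_attacks": len(attacks) - len(true_pos),
    }


if __name__ == "__main__":
    for name, value in waf_metrics(parse(SAMPLE)).items():
        print(f"{name}: {value}")
```

The false positive rate uses legitimate traffic as its denominator, so it stays meaningful even when the volume of blocked requests changes from day to day.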