Comprehensive and Detailed Explanation From Exact Extract:
WAF (Web Application Firewall) protects web applications by inspecting HTTP/S traffic to and from the application. It filters, monitors, and blocks malicious traffic and exploits targeting web application vulnerabilities. WAFs are deployed at the edge, often in conjunction with load balancers, and are ideal for mitigating threats like SQL injection, cross-site scripting, and protocol violations.
NSG (Network Security Group) is a native security feature offered by many cloud providers (such as Azure), functioning similarly to a firewall. NSGs control inbound and outbound traffic at the virtual network interface, subnet, or VM level, allowing engineers to define allowed or denied traffic rules.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide under “Cloud Workload Protection & Security Tools”:
“WAFs are critical for protecting web-facing applications in public cloud environments.”
“Network Security Groups (NSGs) are used to enforce access policies on cloud-based virtual networks, providing filtering and segmentation at the instance or subnet level.”
================================================
