210-250 · Question #67
Which two features must a next generation firewall include? (Choose two.)
The correct answer is C. application visibility and control E. intrusion detection system. Next generation firewalls (NGFWs) extend traditional firewall capabilities by adding deep packet inspection features, with application visibility/control and intrusion detection being core defining components.
Question
Which two features must a next generation firewall include? (Choose two.)
Options
- Adata mining
- Bhost-based antivirus
- Capplication visibility and control
- DSecurity Information and Event Management
- Eintrusion detection system
How the community answered
(22 responses)- A5% (1)
- B9% (2)
- C86% (19)
Why each option
Next generation firewalls (NGFWs) extend traditional firewall capabilities by adding deep packet inspection features, with application visibility/control and intrusion detection being core defining components.
Data mining is an analytical/business intelligence process unrelated to firewall functionality or network security enforcement.
Host-based antivirus is an endpoint security control that runs on individual hosts, not a feature embedded in a network firewall appliance.
Application visibility and control (AVC) is a defining feature of NGFWs, enabling identification and management of traffic at Layer 7 by application type rather than just port or protocol. This distinguishes NGFWs from traditional stateful firewalls.
SIEM is a separate centralized log aggregation and correlation platform, not a feature built into a firewall itself.
An intrusion detection system (IDS) is a core component integrated into NGFWs, allowing the firewall to inspect traffic for known attack signatures and anomalous behavior beyond simple packet filtering.
Concept tested: Next generation firewall core feature requirements
Source: https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-next-generation-firewall.html
Topics
Community Discussion
No community discussion yet for this question.