nerdexam
Cisco

350-401 · Question #548

Which two new security capabilities are introduced by using a next-generation firewall at the Internet edge? (Choose two.)

The correct answer is B. integrated intrusion prevention C. application-level inspection. Next-Generation Firewall (NGFW) Security Capabilities Next-generation firewalls introduce integrated intrusion prevention (B) and application-level inspection (C) as their defining new capabilities - these go far beyond what traditional firewalls offer by actively detecting and b

Submitted by joshua94· Mar 6, 2026Security

Question

Which two new security capabilities are introduced by using a next-generation firewall at the Internet edge? (Choose two.)

Options

  • AVPN
  • Bintegrated intrusion prevention
  • Capplication-level inspection
  • DNAT
  • Estateful packet inspection

How the community answered

(19 responses)
  • B
    89% (17)
  • D
    5% (1)
  • E
    5% (1)

Explanation

Next-Generation Firewall (NGFW) Security Capabilities

Next-generation firewalls introduce integrated intrusion prevention (B) and application-level inspection (C) as their defining new capabilities - these go far beyond what traditional firewalls offer by actively detecting and blocking threats within traffic and understanding traffic at Layer 7 (the application layer). The "next-generation" distinction specifically refers to this deep packet inspection and IPS integration, allowing NGFWs to identify applications regardless of port or protocol and stop sophisticated attacks inline.

The distractors - VPN (A), NAT (D), and stateful packet inspection (E) - are all capabilities found in traditional firewalls and are therefore not new capabilities introduced by NGFWs. Stateful packet inspection in particular is considered a baseline feature of conventional firewalls, while VPN and NAT have been standard networking features for decades.

Memory Tip: Think of NGFW as "smarter" firewalls - they add Intelligence (IPS) and Awareness (Application inspection). The acronym "IA" reminds you that NGFWs are about Intrusion prevention and Application-layer visibility, not legacy features like NAT, VPN, or stateful inspection.

Topics

#Next-Generation Firewall (NGFW)#Security capabilities#Intrusion Prevention System (IPS)#Application-level inspection

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice