350-401 · Question #548
350-401 Question #548: Real Exam Question with Answer & Explanation
The correct answer is B: integrated intrusion prevention. Next-Generation Firewall (NGFW) Security Capabilities Next-generation firewalls introduce integrated intrusion prevention (B) and application-level inspection (C) as their defining new capabilities - these go far beyond what traditional firewalls offer by actively detecting and b
Question
Which two new security capabilities are introduced by using a next-generation firewall at the Internet edge? (Choose two.)
Options
- AVPN
- Bintegrated intrusion prevention
- Capplication-level inspection
- DNAT
- Estateful packet inspection
Explanation
Next-Generation Firewall (NGFW) Security Capabilities
Next-generation firewalls introduce integrated intrusion prevention (B) and application-level inspection (C) as their defining new capabilities - these go far beyond what traditional firewalls offer by actively detecting and blocking threats within traffic and understanding traffic at Layer 7 (the application layer). The "next-generation" distinction specifically refers to this deep packet inspection and IPS integration, allowing NGFWs to identify applications regardless of port or protocol and stop sophisticated attacks inline.
The distractors - VPN (A), NAT (D), and stateful packet inspection (E) - are all capabilities found in traditional firewalls and are therefore not new capabilities introduced by NGFWs. Stateful packet inspection in particular is considered a baseline feature of conventional firewalls, while VPN and NAT have been standard networking features for decades.
🧠 Memory Tip: Think of NGFW as "smarter" firewalls - they add Intelligence (IPS) and Awareness (Application inspection). The acronym "IA" reminds you that NGFWs are about Intrusion prevention and Application-layer visibility, not legacy features like NAT, VPN, or stateful inspection.
Topics
Community Discussion
No community discussion yet for this question.