nerdexam
(ISC)2

CISSP · Question #991

A network security engineer needs to ensure that a security solution analyzes traffic for protocol manipulation and various sorts of common attacks. In addition, all Uniform Resource Locator (URL) tra

The correct answer is C. Application-Level Proxy. An application-level proxy is a type of proxy server that operates at the application layer of the OSI model and acts as an intermediary between the client and the server. An application-level proxy can analyze traffic for protocol manipulation and various sorts of common attacks

Submitted by ricky.ec· Mar 5, 2026Communication and Network Security

Question

A network security engineer needs to ensure that a security solution analyzes traffic for protocol manipulation and various sorts of common attacks. In addition, all Uniform Resource Locator (URL) traffic must be inspected and users prevented from browsing inappropriate websites. Which of the following solutions should be implemented to enable administrators the capability to analyze traffic, blacklist external sites, and log user traffic for later analysis?

Options

  • AIntrusion detection system (IDS)
  • BCircuit-Level Proxy
  • CApplication-Level Proxy
  • DHost-based Firewall

How the community answered

(28 responses)
  • A
    14% (4)
  • B
    29% (8)
  • C
    50% (14)
  • D
    7% (2)

Explanation

An application-level proxy is a type of proxy server that operates at the application layer of the OSI model and acts as an intermediary between the client and the server. An application-level proxy can analyze traffic for protocol manipulation and various sorts of common attacks, such as buffer overflow, SQL injection, and cross-site scripting. An application-level proxy can also inspect all URL traffic and prevent users from browsing inappropriate websites by using blacklists, whitelists, or content filtering. An application-level proxy can also log user traffic for later analysis and provide audit trails. An intrusion detection system (IDS) is a type of security device that monitors network or system activities and detects malicious or anomalous behavior. However, an IDS does not inspect URL traffic or prevent users from browsing inappropriate websites. A circuit- level proxy is a type of proxy server that operates at the transport layer of the OSI model and establishes a connection between the client and the server. However, a circuit-level proxy does not analyze or inspect the traffic content or prevent users from browsing inappropriate websites. A host-based firewall is a type of firewall that is installed on a host and controls the incoming and outgoing traffic to and from that host. However, a host-based firewall does not analyze traffic for protocol manipulation or common attacks, nor does it inspect URL traffic or prevent users from browsing inappropriate websites.

Topics

#application-level proxy#URL filtering#traffic inspection#network security device

Community Discussion

No community discussion yet for this question.

Full CISSP Practice