ISC2 CISSP Practice Question

A healthcare organization needs to implement a security solution at their network perimeter. The solution must differentiate access controls based on specific applications being used, integrate with their corporate directory for user authentication, and perform content inspection beyond simple port filtering. Which of the following would best address these requirements?

Layer 3 Gateway
Next-Generation Firewall
Application Proxy
Stateful Packet Filter

Report Issue

Answer Description

The correct answer is Next-Generation Firewall. NGFWs extend traditional firewall capabilities by using deep packet inspection to identify the actual application in use, regardless of port or protocol, and by tying rules to user identities obtained from directory services such as LDAP or Active Directory. This lets administrators create granular policies like "allow radiology staff to use the imaging system but block social-media posting," while simultaneously scanning the packet payload for malware or policy violations.

Layer 3 gateways (basic routers or network firewalls) decide primarily on IP addresses and ports and have no application or user awareness. Application proxies (application-layer gateways) can authenticate users and enforce detailed checks for a single protocol (for example, HTTP or FTP), but they do not provide a unified, multi-protocol control plane or the breadth of integrated threat-prevention features of an NGFW. Stateful packet filters track connection state, improving on static filters, yet their decisions are still made on network- and transport-layer information, not on the application or content itself.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.

What additional features do Next-Generation Firewalls offer beyond traditional firewalls?

Open an interactive chat with Bash

How does deep packet inspection enhance security in a Next-Generation Firewall?

Open an interactive chat with Bash

What is the importance of integrating firewalls with corporate directory services?

Open an interactive chat with Bash

ISC2 CISSP

Communication and Network Security

Your Score:

Settings & Objectives

Security and Risk Management

Asset Security

Security Architecture and Engineering

Communication and Network Security

Identity and Access Management (IAM)

Security Assessment and Testing

Security Operations

Software Development Security

Random Mixed

Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.

Rotate by Objective

Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Hide Score

Check or uncheck an objective to set which questions you will receive.

Wipe Score

Bash, the Crucial Exams Chat Bot

AI Bot

ISC2 CISSP Practice Question

Answer Description

Ask Bash

What additional features do Next-Generation Firewalls offer beyond traditional firewalls?

How does deep packet inspection enhance security in a Next-Generation Firewall?

What is the importance of integrating firewalls with corporate directory services?

Monthly

$19.99

Billed monthly,
Cancel any time.

3 Month Pass

$44.99

One time purchase of $44.99,
Does not auto-renew.

Annual Pass

$119.99

One time purchase of $119.99,
Does not auto-renew.

Lifetime Pass

$189.99

One time purchase,
Good for life.

All Exams

Unlimited Tests

Unlimited Questions

AI Tutor

Track scores

Report Cards

Voucher Discounts

Advanced PBQs

Included Exams