Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) — Question 605

Which two new security capabilities are introduced by using a next-generation firewall at the Internet edge? (Choose two.)

Answer options

• A. stateful packet inspection
• B. integrated intrusion prevention
• C. NAT
• D. VPN
• E. application-level inspection

Correct answer: B, E

Explanation

The correct answers are B and E because a next-generation firewall includes integrated intrusion prevention systems that actively monitor and block threats, as well as application-level inspection that analyzes traffic for application-specific vulnerabilities. Options A, C, and D refer to traditional firewall functions or services that do not represent the advanced capabilities of next-generation firewalls.