CompTIA Security+ (SY0-601) — Question 386

A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommend?

Answer options

• A. A content filter
• B. A WAF
• C. A next-generation firewall
• D. An IDS

Correct answer: C

Explanation

The correct answer is C, a next-generation firewall, as it provides advanced security features including deep packet inspection and application awareness, which help in preventing unauthorized access through exploited protocols. Options A and B, while useful for filtering content and web application security respectively, do not offer the same level of comprehensive protocol misuse protection. Option D, an IDS, primarily focuses on detecting intrusions rather than actively preventing them.