Which firewall type inspects traffic up to Layer 7 and can identify applications regardless of port?
A CISSP practice question covering Domain 4: Communication and Network Security. Try answering before reading the explanation below.
Show options & answer
Why "Next-Generation Firewall (NGFW)" is the right answer
NGFWs combine stateful inspection with deep-packet inspection, application identification, IPS, and identity awareness. Stateful firewalls track connections but don't decode application protocols. Layer 4 proxies see ports/sessions only.
Study videos for this topic
Want to go deeper on Domain 4? Watch the full breakdown — every video is free, no account, no upsell.
CISSP Domain 4: OSI, IPsec, TLS & VoIP Security
Domain 4 — Communication and Network Security
CISSP Domain 4: Segmentation & Zero Trust Explained
Domain 4 — Communication and Network Security
CISSP Domain 4: Wi-Fi, WPA3, 5G & Cloud Security
Domain 4 — Communication and Network Security
CISSP Domain 4: NAC, Fiber, Firewalls & Endpoint Security
Domain 4 — Communication and Network Security
Take the full CISSP practice test
120 questions, instant explanations, study-video links on every miss. No account.