Which statement best describes the difference between security intelligence and typical firewall ACLs in preventing malicious traffic?
A . Security intelligence uses a dictionary list of keywords, which, if detected in the data payload, will trigger a security event.
B . Using intelligence feeds that provide IP addresses with known bad reputations, malicious activity is blocked before any other policy-based inspection, analysis, or traffic handling is performed.
C . ACLs provide a more granular ability to control known bad IP addresses that have a poor reputation. Security intelligence feeds are broader in scope.
D . Security intelligence feeds can be used to detect security issues in improperly configured ACLs.
E . ACLs provide superior reflexive ACL entries, based on the known IP address that has a poor reputation, which will automatically be installed in the inspection engine of NGFWs.
Answer: B
Leave a Reply