If the primary concern is to secure against application-specific attacks, which of the following strategies should the network security engineer consider implementing?

A company's web server is openly accessible to the internet, demanding heightened security measures. Considering the need for essential protocols and the introduction of a screened subnet, how should the company configure the firewall's access control lists (ACLs)?

A cyber team implements new hardening techniques after a data loss prevention (DLP) audit revealed increased data exfiltration. What is a tenet of host-based firewalls?

A newly established e-commerce company experienced increased web-based attacks on its online shopping platform. As a result, the company installed a Web Application Firewall (WAF) to enhance its security infrastructure. What primary function should the network security manager ensure the WAF is performing to protect the online platform from the MOST common types of web-based threats, such as Cross-site Scripting (XSS), Structured Query Language (SQL) Injection, and Cross-site Request Forgery?

Which of the following are features of an application-level gateway? (Select two.)

A network security administrator's responsibilities include enhancing the enterprise's network infrastructure security posture. They deploy a Next Generation Firewall (NGFW) as part of their defense strategy. The enterprise mixes internal and external services, including a web application and a virtual private network (VPN) for remote access. Which of the following should the administrator primarily consider when implementing the NGFW to ensure effective security without disrupting normal operations?

A security architect designs a solution to protect the organization's network from advanced threats and provides granular access controls based on user roles. The organization has a significant volume of TLS-encrypted traffic that needs inspection and wants to integrate the solution with its network directory for role-based content filtering. Which of the following should the security architect consider the MOST appropriate option?