Which three key features do next-generation firewalls provide that legacy firewalls do not? (Choose three.)

Next-generation firewalls (NGFWs) incorporate advanced features that address modern security challenges, which legacy firewalls typically do not support. Among the key capabilities of NGFWs is application visibility and control, which enables administrators to understand and manage the applications being used on the network. This feature allows for more granular policies that can apply to specific applications, rather than just relying on port numbers and protocols, enhancing security by allowing or blocking applications based on user needs or potential risks.

Additionally, next-generation firewalls integrate an intrusion prevention system (IPS), which actively monitors network traffic and prevents attempts to exploit vulnerabilities. This proactive defense mechanism is essential in the contemporary threat landscape where signature-based defense alone is inadequate against sophisticated attacks.

Moreover, many NGFWs also include a web application firewall (WAF) as part of their offering, which is specifically designed to protect web applications from attacks such as SQL injection and cross-site scripting (XSS), ensuring more robust application-level security than a traditional firewall could provide.

In contrast, basic packet filtering is a function associated with legacy firewalls, which typically only examine packet headers and establish basic rules based on IP addresses and port numbers, lacking the comprehensive visibility and control that modern threats require. Thus, while legacy firewalls