Exam CISSP topic 1 question 187 discussion

Both application proxies and circuit-level proxies can potentially detect protocol manipulation, but they operate at different levels of the network stack and have different approaches.Application proxy works at the application layer and circuit level proxy at the session layer Application proxies are more suited for detecting protocol manipulation at the application layer, where they have visibility into the specifics of application-layer protocols. Circuit-level proxies, on the other hand, may be more focused on identifying anomalies or manipulation at the transport layer, based on patterns or behaviors that deviate from standard TCP behavior.

A. Application-Level Proxy An application-level proxy (also known as an application firewall or application gateway) can inspect traffic at the application layer and enforce policies based on application-specific rules. This allows administrators to analyze traffic, block inappropriate websites, and log user activity for further analysis. It provides granular control over the traffic and is well-suited for these requirements.

From a CISSP perspective, the solution that should be implemented to enable administrators the capability to analyze traffic, blacklist external sites, and log user traffic for later analysis is an Application-Level Proxy. An Application-Level Proxy operates at the application layer of the OSI model, allowing for deep inspection of network traffic. It can analyze traffic for protocol manipulation and various sorts of common attacks, while also allowing administrators to blacklist external sites and log user traffic for later analysis. Intrusion detection systems (IDS) are designed to detect and alert on malicious activity on the network, but they do not offer the same level of traffic analysis or control as an Application-Level Proxy. Host-based firewalls are designed to protect individual hosts from network attacks, but they do not offer the same level of network-wide control as a proxy. Circuit-level proxies do not offer the same level of traffic analysis or control as an Application-Level Proxy.

Host-based Firewall seems like a good fit here given that is calling out user behavior's e.g. blocking websites

We are talking about a webfilter here like ZScaler.

Answer is A. Confused me at 1st coz I thought it would be running on the actual application, but it's just a proxy server operating at the application layer of the OSI model.

Application proxies provide one of the most secure types of access you can have in a security gateway. An application proxy sits between the protected network and the network you want to be protected from. Every time an application makes a request, the application intercepts the request to the destination system.