Which statement describes how application layer filtering decisions can be made?

• A. It cannot inspect application-layer data.
• B. It allows decisions based on more than just source/destination IP addresses or ports.
• C. It ignores IP addresses entirely.
• D. It only uses MAC addresses.

Answer: (B)

Application-layer filtering decisions rely on inspecting the actual application data carried in the connection, not just the basic network information. This means the filter can look at the content and context of the traffic—such as HTTP headers, URLs, hostnames, cookies, or email subjects—and make decisions based on that information, in addition to where the traffic is going. That’s why this statement is the best: it captures the ability to base policies on more than just source or destination IP addresses and ports. In practice, you might block a specific URL, allow only certain commands in FTP, or filter messages by content, which requires understanding the application protocol itself. The other statements don’t fit because they imply the filter can’t inspect application data, ignores IPs altogether, or relies only on MAC addresses, none of which describes how application-layer filtering actually works.