Which type of attack is likely to cross the firewall, making it possible for an NGFW to intervene?

The correct answer is the one identifying external denial-of-service attacks as the type that can cross the firewall, allowing a Next-Generation Firewall (NGFW) to intervene. External denial-of-service attacks involve overwhelming a target's resources, such as bandwidth or server capacity, with an excessive volume of traffic from external sources.

Since this type of attack often targets the network itself, it can be detected and mitigated by a firewall that monitors incoming traffic for anomalies indicative of such an attack. NGFWs contain advanced capabilities, including traffic analysis and intelligence-driven controls, enabling them to identify and block malicious traffic before it can affect the internal network.

In contrast, the other types of attacks mentioned differ fundamentally in how they operate and their relationship with network infrastructure. Social engineering attacks primarily exploit human psychology and do not often involve network traffic that the firewall can inspect. Insider threats tend to originate from within the organization and may evade traditional security measures like firewalls since the malicious activity occurs after the user has already bypassed external defenses. Fileless malware utilizes legitimate system tools to execute malicious payloads, often making it difficult for a firewall to detect, as it does not rely on classic malware vectors that might be blocked at the firewall level. Thus, external denial-of-service