Which statement about the capabilities of application-layer filtering is true?

Application-layer filtering decodes and understands the specific protocols in use (like HTTP, SMTP, or FTP) and then inspects the actual content being exchanged. This lets it enforce policies on the application data itself—for example, blocking certain URLs, scanning for malware payloads in web requests, or preventing data leakage by watching for sensitive patterns. That deeper visibility distinguishes it from filters that only look at IP addresses, ports, or transport headers and cannot see the payload. Since it operates with knowledge of the protocol semantics, it doesn’t ignore how the application data should be interpreted. Keep in mind that if traffic is encrypted, the payload isn’t visible unless the filter can terminate the TLS connection and decrypt the data.