How do host-based application firewalls operate?

• A. They monitor application system calls or general system communication on a per-process basis.
• B. They monitor only network-level packets, not processes.
• C. They protect all hosts on the network.
• D. They block all process-level access by default.

Answer: (B)

Host-based application firewalls enforce security at the level of individual applications running on a host. They hook into the operating system to watch what a specific process does—such as the system calls it makes, how it communicates with other processes, and whether it attempts to open network connections or access resources—and then apply rules per process. This per-process, application-centric enforcement is what distinguishes an application firewall from a plain network firewall, which only examines network packets and traffic flow without regard to which program on the host originated them. So, the best description is that these firewalls monitor application system calls or inter-process communication on a per-process basis, blocking or permitting actions based on which application is making them.