How does a host-based application firewall define rules for processes?

• A. By evaluating user passwords at login.
• B. By using prompts for processes that have not yet received a connection.
• C. By statically listing all executables on the system.
• D. By analyzing IP addresses in the packet header only.

Answer: (B)

Host-based application firewalls manage access at the process level by intercepting actions as programs run and deciding whether to allow them to proceed. The idea of prompting for processes that have not yet received a connection captures this dynamic control: when a new process tries to communicate, the firewall can prompt the user or apply a policy to decide whether that executable should be allowed. This is how per-process rules are created and updated on the fly, enabling fine-grained control over software behavior.

Other options don’t fit because evaluating passwords at login relates to user authentication rather than per-process network access; statically listing all executables is impractical and inflexible as software changes; and analyzing IP addresses in the packet header only targets the network layer, not the application-process level that the host-based firewall manages.