Which statements about application control are correct? (Choose two.)

Focusing on the correct answer, application control utilizes the IPS (Intrusion Prevention System) engine because it relies on deep packet inspection and identification techniques to classify and manage applications traversing the network. The IPS engine can analyze traffic patterns and application behaviors, enabling effective filtering and control over the applications that are allowed or denied on the network. This capacity enhances network security by preventing unauthorized applications from consuming bandwidth or introducing vulnerabilities.

The option indicating that application control can be applied to SSL encrypted traffic is also a valid statement. Modern application control implementations are capable of inspecting SSL traffic, provided that appropriate configurations are in place, such as deploying SSL decryption techniques. This capability is essential for maintaining visibility into encrypted application traffic, which increasingly dominates internet communication.

The other options regarding application control being based on the AV (Antivirus) engine or not being applicable to SSL encrypted traffic do not align with the functionalities of application control. Application control operates distinctly from antivirus mechanisms, which focus on detecting and mitigating malware, while the ability to inspect SSL traffic underscores the importance of comprehensive security measures in a contemporary network environment.