312-39 · Question #73
312-39 Question #73: Real Exam Question with Answer & Explanation
The correct answer is B. Packet filters.
Question
Options
- A. VPN
- B. Packet filters
- C. SSH
- D. IPsec
Explanation
Packet filters are a network security control that inspects packet headers (source/destination IP, ports, protocol flags) to allow or block traffic. Their known limitation is that they generally do not inspect encrypted payload content; they can see metadata but not the application-layer data inside TLS/SSL sessions. The scenario describes a solution that “inspects data packets in real time” but struggles with encrypted traffic, which aligns with packet filtering and other header-based inspection approaches. VPN, SSH, and IPsec are encryption technologies/protocols themselves, not the inspection control; they create encrypted tunnels that make payload inspection harder. From a SOC perspective, packet filters are limited for detecting threats embedded in encrypted sessions. To improve visibility, SOC teams often complement packet filters with TLS termination at controlled points (proxies), endpoint telemetry (the process initiating the connection), and flow analytics (NetFlow/IPFIX) to detect anomalies in encrypted traffic based on behavior and metadata.
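As an added illustration (not part of the original explanation or the exam material), the Python sketch below runs a header-only filter over constructed packets: the verdict depends only on protocol and destination port, so an opaque payload passes exactly like a readable one, while a content signature matches only the readable one. The rule set, addresses, marker string and the XOR stand-in for encryption are assumptions made for the example.

```python
import socket
import struct

def build_packet(src, dst, sport, dport, flags, payload):
    """Constructed IPv4+TCP packet (checksums left at zero, never sent)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse_headers(pkt):
    """Return (header fields a packet filter reads, payload bytes)."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    fields = {"proto": pkt[9], "src": socket.inet_ntoa(pkt[12:16]),
              "dst": socket.inet_ntoa(pkt[16:20]), "sport": sport,
              "dport": dport, "flags": pkt[ihl + 13]}
    data_off = (pkt[ihl + 12] >> 4) * 4            # TCP header length
    return fields, pkt[ihl + data_off:]

# Hypothetical rule set: (destination port, verdict); first match wins.
RULES = [(443, "allow"), (80, "allow"), (23, "block")]

def filter_verdict(pkt):
    """Header-only decision: the payload is parsed off and never consulted."""
    hdr, _ = parse_headers(pkt)
    if hdr["proto"] != 6:                          # TCP only in this sketch
        return "block"
    for port, verdict in RULES:
        if hdr["dport"] == port:
            return verdict
    return "block"                                 # default deny

def payload_signature_hit(pkt, signature=b"EXAMPLE-MARKER"):
    """Content inspection: only effective when the payload is readable."""
    return signature in parse_headers(pkt)[1]

def xor_stream(data, key=0x5A):
    """Stand-in for encryption (NOT real crypto): makes payload bytes opaque."""
    return bytes(b ^ key for b in data)

# Constructed sample traffic using documentation addresses.
BODY = b"GET /?q=EXAMPLE-MARKER HTTP/1.1\r\n\r\n"
PLAIN = build_packet("10.0.0.5", "192.0.2.10", 40000, 80, 0x18, BODY)
OPAQUE = build_packet("10.0.0.5", "192.0.2.10", 40001, 443, 0x18, xor_stream(BODY))
TELNET = build_packet("10.0.0.5", "192.0.2.10", 40002, 23, 0x02, b"")

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("opaque", OPAQUE), ("telnet", TELNET)):
        print(name, filter_verdict(pkt), payload_signature_hit(pkt))
```

The opaque packet is allowed on port 443 with no signature hit, which is the visibility gap that TLS termination, endpoint telemetry and flow analytics are meant to cover.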