312-50V10 · Question #304
One advantage of an application-level firewall is the ability to
The correct answer is B. filter specific commands, such as http:post.. Application-level firewalls (Layer 7 proxies) can inspect and filter specific application-layer commands such as HTTP POST, which packet-filtering firewalls cannot.
Question
One advantage of an application-level firewall is the ability to
Options
- Afilter packets at the network level.
- Bfilter specific commands, such as http:post.
- Cretain state information for each packet.
- Dmonitor tcp handshaking.
How the community answered
(30 responses)- B90% (27)
- C3% (1)
- D7% (2)
Why each option
Application-level firewalls (Layer 7 proxies) can inspect and filter specific application-layer commands such as HTTP POST, which packet-filtering firewalls cannot.
Filtering packets at the network level is the function of a packet-filtering firewall operating at Layer 3/4, not an application-level firewall.
Application-level firewalls operate at OSI Layer 7 and fully understand application protocols, allowing them to permit or deny specific commands like HTTP GET, POST, or PUT. This granular control over application behavior is the defining advantage over lower-layer firewalls, which only see IP addresses and port numbers.
Retaining state information per packet is the characteristic of a stateful inspection firewall, not specifically an application-level firewall.
Monitoring TCP handshaking is performed by stateful firewalls that track connection state at the transport layer, which is below the application layer.
Concept tested: Application-layer firewall deep packet inspection capabilities
Source: https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/A-H/asa-command-ref-A-H/a-commands.html
Topics
Community Discussion
No community discussion yet for this question.