312-50V10 Question #548: Real Exam Question with Answer & Explanation

The correct answer is A. Packet filter. A packet filter firewall operates at the network layer and makes decisions based solely on header fields such as source/destination IP address, port numbers, and protocol type, without examining payload content or tracking connection state.

Evading IDS, Firewalls, and Honeypots

Question

Which of the following types of firewall inspects only header information in network traffic?

Options

APacket filter
BStateful inspection
CCircuit-level gateway
DApplication-level gateway

Explanation

A packet filter firewall operates at the network layer and makes decisions based solely on header fields such as source/destination IP address, port numbers, and protocol type, without examining payload content or tracking connection state.

Common mistakes.

B. Stateful inspection firewalls go beyond headers by tracking the state of active connections in a state table, allowing them to make context-aware decisions based on whether a packet belongs to an established session.
C. Circuit-level gateways operate at the session layer and validate TCP handshakes to verify that sessions are legitimate before allowing traffic, which involves more than just header inspection.
D. Application-level gateways (proxy firewalls) perform deep packet inspection at Layer 7, analyzing the full application payload and protocol behavior, which is far more than header-only inspection.

Concept tested. Packet filter firewall header-only inspection behavior

Reference. https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-statefulinspection.html

Topics

#packet filter#firewall types#header inspection#network filtering

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice