EC-Council
312-50V11 · Question #548
312-50V11 Question #548: Real Exam Question with Answer & Explanation
The correct answer is A: Packet filter. A packet filter firewall operates at the network layer and makes allow/deny decisions based solely on header fields such as source/destination IP, port, and protocol.
Evading IDS, Firewalls, and Honeypots
Question
Which of the following types of firewall inspects only header information in network traffic?
Options
- APacket filter
- BStateful inspection
- CCircuit-level gateway
- DApplication-level gateway
Explanation
A packet filter firewall operates at the network layer and makes allow/deny decisions based solely on header fields such as source/destination IP, port, and protocol.
Common mistakes.
- B. Stateful inspection firewalls track the state of active connections in a state table, examining both header information and connection context - not just headers alone.
- C. Circuit-level gateways operate at the session layer and monitor the TCP handshake to validate sessions, going beyond simple header inspection.
- D. Application-level gateways (proxy firewalls) inspect the full packet payload at the application layer, performing deep content inspection far beyond header fields.
Concept tested. Packet filter firewall header-only inspection
Reference. https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html
Topics
#packet filter#firewall types#header inspection#network traffic
Community Discussion
No community discussion yet for this question.