nerdexam
EC-Council

312-50V11 · Question #548

Which of the following types of firewall inspects only header information in network traffic?

The correct answer is A. Packet filter. A packet filter firewall operates at the network layer and makes allow/deny decisions based solely on header fields such as source/destination IP, port, and protocol.

Evading IDS, Firewalls, and Honeypots

Question

Which of the following types of firewall inspects only header information in network traffic?

Options

  • APacket filter
  • BStateful inspection
  • CCircuit-level gateway
  • DApplication-level gateway

How the community answered

(39 responses)
  • A
    90% (35)
  • B
    3% (1)
  • C
    3% (1)
  • D
    5% (2)

Why each option

A packet filter firewall operates at the network layer and makes allow/deny decisions based solely on header fields such as source/destination IP, port, and protocol.

APacket filterCorrect

Packet filter firewalls inspect only the header information of each packet - including IP addresses, TCP/UDP port numbers, and protocol type - without examining payload contents or tracking connection state. Each packet is evaluated independently against a static rule set. This makes them fast but limited, as they cannot detect attacks embedded in packet payloads.

BStateful inspection

Stateful inspection firewalls track the state of active connections in a state table, examining both header information and connection context - not just headers alone.

CCircuit-level gateway

Circuit-level gateways operate at the session layer and monitor the TCP handshake to validate sessions, going beyond simple header inspection.

DApplication-level gateway

Application-level gateways (proxy firewalls) inspect the full packet payload at the application layer, performing deep content inspection far beyond header fields.

Concept tested: Packet filter firewall header-only inspection

Source: https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html

Topics

#packet filter#firewall types#header inspection#network traffic

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice