312-50V13 Question #301: Real Exam Question with Answer & Explanation
The correct answer is C: It is a stateful firewall.
Question
If you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST, what do you know about the firewall you are scanning?
Options
- A. There is no firewall in place.
- B. This event does not tell you anything about the firewall.
- C. It is a stateful firewall.
- D. It is a non-stateful firewall.
Explanation
TCP ACK to Closed Port – Firewall Analysis
Sending a TCP ACK segment to a known closed port is a classic firewall fingerprinting technique. A stateful firewall tracks the state of active connections in a session table; since it has no record of a legitimate connection being established, it silently drops the unsolicited ACK rather than responding with an RST - this is why option C is correct.
Why the distractors are wrong:
- A is incorrect because the absence of a firewall would typically mean the host's TCP stack responds with an RST, since ACKs to closed ports normally trigger that response.
- B is incorrect because this technique does reveal meaningful information - specifically, stateful inspection behavior.
- D is incorrect because a non-stateful (stateless/packet-filter) firewall inspects each packet in isolation and would likely pass the ACK through, causing the target to reply with an RST.
🧠 Memory Tip: Think "Stateful = Selective memory" - a stateful firewall remembers valid sessions and silently drops anything that doesn't match, while a stateless firewall has no memory and just applies simple rules packet-by-packet.
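The three cases from the explanation, modelled as an added example that is not part of the original page. The class names, the addresses, and the stateless rule "pass any segment with ACK set" are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset

class StatelessFilter:
    """Judges each segment in isolation; 'ACK set' is treated as established traffic."""
    def __init__(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)

    def permits(self, seg):
        return "ACK" in seg.flags or seg.dport in self.allowed_ports

class StatefulFilter:
    """Keeps a session table; a segment passes only if it opens or matches a session."""
    def __init__(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)
        self.sessions = set()

    def permits(self, seg):
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if seg.flags == {"SYN"} and seg.dport in self.allowed_ports:
            self.sessions.add(key)      # new connection attempt on a permitted port
            return True
        return key in self.sessions     # anything else must belong to a tracked session

def host_reply(seg, open_ports):
    """Simplified TCP stack: a closed port, or an ACK with no connection, answers RST."""
    if seg.dport in open_ports and seg.flags == {"SYN"}:
        return "SYN/ACK"
    return "RST"

def observe(firewall, seg, open_ports=frozenset({443})):
    """Return what the sender sees: a reply string, or None when the segment is dropped."""
    if firewall is not None and not firewall.permits(seg):
        return None
    return host_reply(seg, open_ports)

# Constructed sample: unsolicited ACK to closed port 8080 (documentation addresses).
UNSOLICITED_ACK = Segment("198.51.100.7", 40000, "192.0.2.10", 8080, frozenset({"ACK"}))

if __name__ == "__main__":
    for name, fw in [("no firewall", None), ("stateless", StatelessFilter({443})),
                     ("stateful", StatefulFilter({443}))]:
        print(f"{name:12} -> {observe(fw, UNSOLICITED_ACK)}")
```

Only the stateful filter produces silence, because the ACK matches no entry in its session table; an ACK that follows a tracked SYN on a permitted port is passed.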