CAS-002 Question #281: Real Exam Question with Answer & Explanation
The correct answer is A: TCP sessions are traversing one firewall and return traffic is being sent through the.
Question
Options
- A. TCP sessions are traversing one firewall and return traffic is being sent through the
- B. TCP and UDP sessions are being balanced across both firewalls and connections are
- C. Prioritize UDP traffic and associated stateful UDP session information is traversing the
- D. The firewall administrator connected a dedicated communication cable between the firewalls
Explanation
In an active/passive stateful firewall cluster, asymmetric routing causes dropped connections when TCP session state exists only on one firewall and return traffic arrives at the other. The firewall with no matching session entry drops the packets.
Common mistakes.
- B. Active/passive clusters do not simultaneously load-balance sessions across both firewalls - only one is active at a time, so sessions cannot be split across both in normal operation.
- C. UDP is connectionless and stateful UDP tracking is less common; prioritizing UDP would not explain dropped TCP connections, which are the typical reported symptom.
- D. A dedicated communication cable between firewalls serves as a state synchronization link, which would help prevent dropped connections by replicating session tables - it is a solution, not a cause of the problem.
Concept tested. Stateful firewall clustering and asymmetric routing
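The mechanism in the explanation, as an added Python example that is not part of the original page: a minimal model of two stateful firewalls, with the class, function names and addresses constructed for illustration. It shows the SYN-ACK being dropped when it returns through the firewall that never saw the SYN, and allowed once session state is replicated over a sync link.

```python
# Constructed model: two clustered stateful firewalls tracking TCP sessions.
# Assumption: policy permits any new outbound SYN; only state tracking is modelled.

class StatefulFirewall:
    def __init__(self, name):
        self.name = name
        self.sessions = {}      # (src, sport, dst, dport) -> TCP state
        self.sync_peer = None   # set when a state-sync link exists

    def _store(self, key, state):
        self.sessions[key] = state
        if self.sync_peer is not None:       # replicate entry over the sync link
            self.sync_peer.sessions[key] = state

    def process(self, src, sport, dst, dport, flags):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "SYN":                   # new connection: create session entry
            self._store(fwd, "SYN_SENT")
            return "ALLOW"
        # Any other packet must belong to a session this firewall knows about.
        key = fwd if fwd in self.sessions else rev if rev in self.sessions else None
        if key is None:
            return "DROP"                    # out-of-state packet, no session entry
        if flags == "SYN-ACK":
            self._store(key, "ESTABLISHED")
        return "ALLOW"


def handshake(return_via, state_sync):
    """Send the SYN through fw1 and the SYN-ACK through `return_via`."""
    fw = {"fw1": StatefulFirewall("fw1"), "fw2": StatefulFirewall("fw2")}
    if state_sync:
        fw["fw1"].sync_peer, fw["fw2"].sync_peer = fw["fw2"], fw["fw1"]
    client, server = ("10.0.0.5", 49152), ("203.0.113.10", 443)  # constructed
    return [fw["fw1"].process(*client, *server, "SYN"),
            fw[return_via].process(*server, *client, "SYN-ACK")]


if __name__ == "__main__":
    for return_via, sync in [("fw1", False), ("fw2", False), ("fw2", True)]:
        print(f"return via {return_via}, state sync={sync}:",
              handshake(return_via, sync))
```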