CAS-003 Question #281: Real Exam Question with Answer & Explanation
The correct answer is A: TCP sessions are traversing one firewall and return traffic is being sent through the
Question
Options
- A. TCP sessions are traversing one firewall and return traffic is being sent through the
- B. TCP and UDP sessions are being balanced across both firewalls and connections are
- C. Prioritize UDP traffic and associated stateful UDP session information is traversing the
- D. The firewall administrator connected a dedicated communication cable between the firewalls
Explanation
Option A correctly identifies asymmetric routing as the root cause. Stateful firewalls maintain a session state table: when a TCP connection is initiated, the firewall records the session (source/destination IP, ports, TCP flags). For return traffic to be allowed, the return packet must pass through the same firewall that recorded the session. In an active/passive cluster without proper routing configuration, outbound traffic may exit through the active firewall, but return traffic from the external client may arrive through a different path and hit the passive firewall, which has no record of the session in its state table. It then drops the packet as unsolicited. Proper active/passive clustering requires that all traffic for a given session traverse the same node, or that state is synchronized between nodes.
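The behaviour described in the explanation, as an added example that is not part of the original page: a minimal Python model of two stateful firewalls, each with its own session table. The class names, the `run` helper and the addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN", "SYN-ACK", ...

    def flow(self):
        return (self.src, self.sport, self.dst, self.dport)

    def reverse_flow(self):
        return (self.dst, self.dport, self.src, self.sport)

@dataclass
class StatefulFirewall:
    name: str
    peer: "StatefulFirewall | None" = field(default=None, repr=False)  # set to enable state sync
    state: set = field(default_factory=set)  # session table of known flows

    def outbound(self, pkt):
        """Inside-to-outside packet: a SYN creates a session entry."""
        if pkt.flags == "SYN":
            self.state.add(pkt.flow())
            if self.peer is not None:  # replicate the entry to the cluster peer
                self.peer.state.add(pkt.flow())
            return "ALLOW"
        return "ALLOW" if pkt.flow() in self.state else "DROP"

    def inbound(self, pkt):
        """Outside-to-inside packet: allowed only if it answers a recorded session."""
        return "ALLOW" if pkt.reverse_flow() in self.state else "DROP"

def run(sync, return_via_same_node):
    """Send a SYN out through fw1, then deliver the SYN-ACK to fw1 or fw2."""
    fw1, fw2 = StatefulFirewall("fw1"), StatefulFirewall("fw2")
    if sync:
        fw1.peer, fw2.peer = fw2, fw1
    # Constructed sample packets (documentation address ranges).
    syn = Packet("10.0.0.5", 40000, "203.0.113.10", 443, "SYN")
    syn_ack = Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SYN-ACK")
    fw1.outbound(syn)  # the session is recorded on fw1 only, unless sync is on
    return (fw1 if return_via_same_node else fw2).inbound(syn_ack)

if __name__ == "__main__":
    print("symmetric path, no sync: ", run(sync=False, return_via_same_node=True))
    print("asymmetric path, no sync:", run(sync=False, return_via_same_node=False))
    print("asymmetric path, synced: ", run(sync=True, return_via_same_node=False))
```

The second case is the failure in option A: the SYN-ACK reaches a node with no matching session entry and is dropped, while either a symmetric path or state synchronization lets it through.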