CISSP Question #1403: Real Exam Question with Answer & Explanation

Question

Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?

Options

• AThe SPI inspects the flags on Transmission Control Protocol (TCP) and User Datagram Protocol
• BThe SPI inspects the traffic in the context of a session.
• CThe SPI is capable of dropping packets based on a pre-defined rule set.
• DThe SPI inspects traffic on a packet-by-packet basis.

Explanation

A stateful packet inspection firewall is a type of firewall that keeps track of the state of network connections, such as TCP sessions or UDP datagrams, and inspects the traffic in the context of a session. This means that the SPI firewall can analyze the packets not only based on the header information, such as source and destination IP addresses, ports, and protocols, but also based on the content and sequence of the packets, such as flags, sequence numbers, and payloads. This allows the SPI firewall to detect and prevent more sophisticated attacks, such as fragmentation attacks, spoofing attacks, and application layer attacks, that a stateless packet filter firewall cannot. A stateless packet filter firewall is a type of firewall that inspects the traffic on a packet-by- packet basis, and only based on the header information. It does not keep track of the state of network connections, and does not examine the content or sequence of the packets. It is faster and simpler than a stateful packet inspection firewall, but also less secure and more vulnerable to

No community discussion yet for this question.