CISSP Question #312: Real Exam Question with Answer & Explanation
The correct answer is A: Application proxy.
Question
Which of the following provides the MOST comprehensive filtering of Peer-to-Peer (P2P) traffic?
Options
- A. Application proxy
- B. Port filter
- C. Network boundary router
- D. Access layer switch
Explanation
P2P traffic is notoriously difficult to filter because it uses dynamic ports and can disguise itself as legitimate traffic; an application proxy operates at Layer 7 and can inspect actual application content to identify and block P2P protocols regardless of port.
Common mistakes.
- B. A port filter blocks traffic based solely on TCP/UDP port numbers, but P2P applications are specifically designed to bypass this by using dynamic, randomized, or well-known ports (e.g., port 80), making port-based filtering largely ineffective against modern P2P software.
- C. A network boundary router can apply ACLs and basic packet filtering, but it operates primarily at Layers 3–4 and lacks the application-layer visibility needed to reliably identify and block P2P traffic that disguises itself on allowed ports.
- D. An access layer switch operates at Layers 2–3 and is designed for network connectivity and VLAN segmentation, not traffic content inspection; it has no mechanism to analyze or filter application-layer P2P protocols.
Concept tested. Application-layer proxy filtering of P2P traffic
Reference. https://www.cisco.com/c/en/us/products/security/what-is-application-layer-filtering.html