16 Mar Practice Test Question – Firewalls
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Which one of the following firewall types is capable of monitoring connection status by tracking the stages of the TCP handshake and then using that information when deciding whether to allow future packets that are part of an active connection?
A. Router ACL
B. Packet filter
C. Stateful inspection
D. Stateless firewall
Correct Answer: C
Stateful inspection firewalls monitor connection status by tracking the TCP handshake. They maintain a table of active connections and automatically allow traffic that is part of an established connection without requiring the reevaluation of the ruleset for each packet. The other firewall types listed are more primitive and do not track connection status. They simply reevaluate every packet that they receive.