Which of the following best describes the main difference between a stateful firewall and a stateless firewall?
Think about whether the firewall remembers previous packets or treats each packet on its own.
Stateful firewalls keep track of the connection state and context, allowing them to make more informed decisions. Stateless firewalls treat each packet independently without memory of past packets.
What is the main role of a packet filter firewall in network security?
Consider what basic information is available in packet headers.
Packet filter firewalls examine packet headers such as IP addresses and port numbers to decide whether to allow or block packets.
Given these firewall rules applied in order, what will happen to a packet from IP 192.168.1.10 to port 80?
1. Deny all traffic from 192.168.1.0/24 2. Allow traffic to port 80
Remember that firewall rules are processed in order, and the first matching rule applies.
The first rule denies all traffic from the 192.168.1.0/24 subnet, so the packet is blocked before reaching the allow rule.
Which firewall type is best suited for filtering traffic based on application data, such as HTTP requests?
Think about which firewall can inspect the actual content of the communication.
Proxy firewalls act as intermediaries and can inspect application layer data, allowing them to filter based on content like HTTP requests.
A network administrator notices that unauthorized traffic is passing through the firewall despite rules blocking it. Which of the following is the most likely cause?
Consider how rule order and overlaps affect firewall behavior.
Overlapping rules where an allow rule appears before a block rule can cause unauthorized traffic to pass through because the first matching rule is applied.