In ingress and egress filtering, an SPI firewall always considers its ACL rules when a new packet arrives that does not attempt to open a connection.


Multiple Choice

In ingress and egress filtering, an SPI firewall always considers its ACL rules when a new packet arrives that does not attempt to open a connection.

Explanation:
State tracking is what makes a stateful firewall different from a purely rule-based one. It watches each connection from start to finish and remembers which packets belong to that connection.

When a packet tries to start a new connection, the firewall checks its ACLs to decide if that initial handshake is allowed. If allowed, a state entry is created and that connection is trusted moving forward.

After a connection is established, packets that are part of that same connection are permitted based on the stored state. The firewall doesn’t re-evaluate the ACL for every subsequent packet in that flow; it relies on the connection state to allow or drop traffic.

So, for a new packet that isn’t initiating a new connection but is part of an already established one, the firewall doesn’t “always” consult ACL rules again. It uses the state table instead. That’s why the statement is not correct.

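The behaviour described in the explanation, as an added example that is not part of the original page: a toy stateful firewall that consults its ACL only for connection-opening (SYN) packets, records a bidirectional state entry on success, and decides every later packet of that flow from the state table alone. Addresses, ports and the `Packet` class are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed packet model: only the fields the toy firewall needs."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool  # True when the packet attempts to open a new TCP connection


class StatefulFirewall:
    """Minimal SPI firewall: the ACL is consulted only for connection attempts."""

    def __init__(self, acl):
        self.acl = set(acl)          # (dst, dport) pairs that may be opened
        self.state_table = set()     # established flows, direction-agnostic
        self.acl_lookups = 0         # how often the ACL was actually evaluated

    @staticmethod
    def _flow_key(pkt):
        # A frozenset of both endpoints matches packets in either direction.
        return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})

    def process(self, pkt):
        key = self._flow_key(pkt)
        if key in self.state_table:
            return "allow (state)"   # established flow: ACL not re-evaluated
        if pkt.syn:
            self.acl_lookups += 1    # only connection attempts hit the ACL
            if (pkt.dst, pkt.dport) in self.acl:
                self.state_table.add(key)
                return "allow (acl)"
            return "drop (acl)"
        return "drop (no state)"     # mid-stream packet with no handshake seen


def demo():
    fw = StatefulFirewall(acl={("10.0.0.5", 443)})
    pkts = [
        Packet("203.0.113.7", 51000, "10.0.0.5", 443, syn=True),   # handshake
        Packet("203.0.113.7", 51000, "10.0.0.5", 443, syn=False),  # same flow
        Packet("10.0.0.5", 443, "203.0.113.7", 51000, syn=False),  # reply direction
        Packet("203.0.113.9", 52000, "10.0.0.5", 443, syn=False),  # no handshake
        Packet("203.0.113.7", 51001, "10.0.0.5", 22, syn=True),    # not in ACL
    ]
    return [fw.process(p) for p in pkts], fw.acl_lookups
```

Of five packets, only the two SYNs trigger an ACL lookup; the established flow is allowed in both directions from state, and the unsolicited mid-stream packet is dropped without any ACL check.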
