Which SPI firewall rule applies to packets that only have their TCP ACK bits set but no other flags?

Multiple Choice

Explanation:
This question is about stateful handling of TCP connections. An ACK-only segment, with no SYN or other flags set, is a packet that belongs to an already established TCP connection. A firewall that performs stateful packet inspection (SPI) keeps a record of active connections and allows traffic that is part of those connections. Therefore, an ACK packet is allowed when it matches an existing, previously approved connection in the firewall’s state table. If there is no matching connection, the firewall drops it to prevent unsolicited or potentially harmful traffic.

That’s why the correct approach is: pass the packet if it is part of a previously approved connection. The other options either rely solely on ACLs without considering connection state or are too permissive, which isn’t how stateful inspection handles TCP traffic.