Which of the following statements is true of all firewalls? (Select the best answer.)
A. They maintain a state table.
B. They hide the source of network connections.
C. They operate at Layer 7 of the OSI model.
D. They are multihomed devices.
Explanation:
All firewalls are multihomed devices. A multihomed device is a device that connects to more than one network
segment. The purpose of a firewall is to block undesired network traffic and to allow desired network traffic to
pass from one network interface to another.
Some firewalls, such as proxy firewalls, can be configured to hide the source of network connections. However,
stateful firewalls and packet filtering firewalls are not typically configured to hide the source of network
connections. A proxy firewall terminates the connection with the source device and initiates a new connection
with the destination device, thereby hiding the true source of the traffic. When the reply comes from the
destination device, the proxy firewall forwards the reply to the original source device. Network Address
Translation (NAT) and Port Address Translation (PAT) can also be used to hide the source of network
connections.
Some firewalls, such as stateful firewalls, maintain a state table. However, other firewalls, such as packet
filtering firewalls, do not. A stateful firewall makes filtering decisions based on the state of each session. When
an outbound session is initiated, the stateful firewall will create an entry in the firewall’s state table and
dynamically allow the return traffic in the inbound direction. Inbound traffic from other sources will be blocked
unless there is a corresponding outbound session listed in the state table.
A packet filtering firewall makes simple filtering decisions based on each individual packet. As a result, packet
filtering firewalls are not particularly flexible. For example, if you want to configure traffic on a port to flow
inbound as well as outbound, you must open up the port in both directions. However, doing so might expose the
internal network to undesirable inbound traffic on that port. Therefore, stateful firewalls are more secure than
packet filtering firewalls.
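
The two filtering models described above, as an added Python sketch that is not part of the original explanation. The class names, port 443 and the sample addresses are constructed for illustration, and the model ignores TCP flags and state timeouts.

```python
from collections import namedtuple

# direction is "out" (inside -> outside) or "in" (outside -> inside)
Packet = namedtuple("Packet", "direction src sport dst dport")

class PacketFilter:
    """Judges each packet alone against static per-direction port rules."""
    def __init__(self, port):
        self.port = port  # service port opened in both directions

    def allow(self, pkt):
        if pkt.direction == "out":
            return pkt.dport == self.port
        return pkt.sport == self.port  # replies arrive from the service port

class StatefulFirewall:
    """Tracks outbound sessions; inbound must match a state table entry."""
    def __init__(self, port):
        self.port = port
        self.state_table = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != self.port:
                return False
            self.state_table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound passes only as the mirror image of a recorded session.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state_table

# Constructed sample traffic (private and documentation addresses).
TRAFFIC = [
    Packet("out", "10.0.0.5", 50000, "198.51.100.10", 443),  # client opens session
    Packet("in", "198.51.100.10", 443, "10.0.0.5", 50000),   # server reply
    Packet("in", "203.0.113.66", 443, "10.0.0.5", 50000),    # unsolicited, other source
]

def evaluate(firewall):
    """Return the allow/deny decision for each sample packet, in order."""
    return [firewall.allow(p) for p in TRAFFIC]

if __name__ == "__main__":
    print("packet filter:", evaluate(PacketFilter(443)))
    print("stateful:     ", evaluate(StatefulFirewall(443)))
```

The packet filter passes the unsolicited third packet because it matches the open port, while the stateful firewall drops it because no state table entry corresponds to it.
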
Some firewalls, such as application-level proxy firewalls, operate at Layer 7 of the Open Systems
Interconnection (OSI) model, which is called the Application layer. However, stateful firewalls and packet
filtering firewalls operate at the Network and Transport layers. An application-level proxy firewall can make
filtering decisions based on Application layer data. However, to do so, the firewall must be able to understand
the corresponding Application layer protocol. As a result, application-level proxy firewalls are often designed to
filter data for a particular Application layer protocol, such as Hypertext Transfer Protocol (HTTP) or File
Transfer Protocol (FTP). For example, an HTTP proxy can block malicious or otherwise undesirable web traffic,
but it might not be able to block malicious FTP traffic.
CCNA Security 210-260 Official Cert Guide, Chapter 14, Firewall Technologies, p. 358