Which of the following statements is true regarding traditional stateful packet-filtering firewalls? (Select the best answer.)

A. They are more efficient than stateless packet-filtering firewalls.

B. They can operate at Layers 3, 4, 5, and 7 of the OSI model.

C. They prevent more types of attacks than Application layer firewalls do.

D. They can defend against DoS attacks.

Explanation:
Stateful packet-filtering firewalls can defend against Denial of Service (DoS) attacks. They use a state table to track session information, which they maintain in order to determine whether packets should be permitted or blocked. For example, when monitoring Transmission Control Protocol (TCP) traffic, the stateful packet filter adds an entry to the state table when a TCP session is permitted. Subsequent packets are verified against the state table to ensure that they belong to an established connection. If a TCP packet does not belong to an established connection, it is dropped. Thus, if an attacker attempts to send a flood of packets to the network, the packets will be dropped if they do not match a connection in the table.

By contrast, a stateless packet-filtering firewall, which is also referred to as a static packet-filtering firewall, evaluates and either blocks or allows individual packets based on the Layer 3 and Layer 4 information in the packet header. Specifically, stateless packet-filtering firewalls can use the source and destination IP addresses, source and destination port numbers, and protocol type listed in the packet header; these values are commonly known as the 5-tuple. Because a stateless packet-filtering firewall allows all traffic from an approved IP address, it is susceptible to IP spoofing attacks, a type of attack wherein an attacker uses the source IP address of a trusted host to send messages to other computers. In addition, because a stateless packet-filtering firewall does not maintain a table of active connections, it is more efficient than a stateful packet-filtering firewall.

Traditional stateful packet-filtering firewalls can operate at Layers 3, 4, and 5 of the Open Systems Interconnection (OSI) model but not at Layer 7. Application inspection firewalls, also known as application proxies, can operate at Layer 7, the Application layer, as well as at Layers 3, 4, and 5. This enables application inspection firewalls to prevent more types of attacks than traditional stateful packet-filtering firewalls do. Because they can operate at the Application layer, application inspection firewalls can be used to block application-specific traffic.
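
The static 5-tuple check and the state-table check described above, side by side, as an added example that is not part of the original explanation or of any vendor's code. It is a simplified model; the addresses, ports, rule and class names are constructed for illustration.

```python
from collections import namedtuple

# 5-tuple plus TCP flags; all addresses are constructed (RFC 5737 ranges).
Packet = namedtuple("Packet", "src dst sport dport proto flags")

TRUSTED_SRC = "198.51.100.5"   # hypothetical approved host
SERVER = "192.0.2.10"          # hypothetical protected server

def rule_permits(pkt):
    """Static rule: Layer 3/4 header fields only, no memory of earlier packets."""
    return (pkt.proto == "tcp" and pkt.src == TRUSTED_SRC
            and pkt.dst == SERVER and pkt.dport == 443)

class StatelessFilter:
    def permit(self, pkt):
        return rule_permits(pkt)

class StatefulFilter:
    def __init__(self):
        self.state_table = set()   # 5-tuples of permitted sessions

    def permit(self, pkt):
        key = pkt[:5]
        if pkt.flags == "SYN":           # new session: check the rule, then record it
            if rule_permits(pkt):
                self.state_table.add(key)
                return True
            return False
        return key in self.state_table   # anything else must match an entry

def run(fw, packets):
    """Return the permit/drop verdict for each packet, in order."""
    return ["permit" if fw.permit(p) else "drop" for p in packets]

# Constructed traffic: one real session, then ACKs that carry the approved
# source address but belong to no session, then a packet from an unlisted host.
TRAFFIC = [
    Packet(TRUSTED_SRC, SERVER, 40000, 443, "tcp", "SYN"),
    Packet(TRUSTED_SRC, SERVER, 40000, 443, "tcp", "ACK"),
    Packet(TRUSTED_SRC, SERVER, 41001, 443, "tcp", "ACK"),
    Packet(TRUSTED_SRC, SERVER, 41002, 443, "tcp", "ACK"),
    Packet("203.0.113.7", SERVER, 42000, 443, "tcp", "ACK"),
]

if __name__ == "__main__":
    print("stateless:", run(StatelessFilter(), TRAFFIC))
    print("stateful: ", run(StatefulFilter(), TRAFFIC))
```

The stateless filter passes every packet whose header names the approved source, while the stateful filter drops the two packets that match no state-table entry.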

CCNA Security 210-260 Official Cert Guide, Chapter 14, Stateful Packet Filtering, pp. 363-364


