Which characteristic is a potential security weakness of a traditional stateful firewall?

A. It cannot support UDP flows.

B. It cannot detect application-layer attacks.

C. It cannot ensure each TCP connection follows a legitimate TCP three-way handshake.

D. It works only in promiscuous mode.

E. The status of TCP sessions is retained in the state table after the sessions terminate.

F. It has low performance due to the use of syn-cookies.

Explanation:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/product_implementation_design_guide09186a00800fd670.html
Cisco IOS Firewall consists of several major subsystems:
• Stateful Packet Inspection provides a granular firewall engine
• Authentication Proxy offers a per-host access control mechanism
• Application Inspection features add protocol conformance checking and network use policy control
Enhancements to these features extend these capabilities to VRF instances to support multiple
virtual routers per device, and to Cisco Integrated Route-Bridging features to allow greater
deployment flexibility, reduce implementation timelines, and ease requirements to add security to
existing networks.


