5.3.2 Firewall Technologies Quiz Answers

Network Defense Module 5.3.2 Firewall Technologies Quiz Questions Exam Answers

1. Which statement is a characteristic of a packet filtering firewall?

  • They are susceptible to IP spoofing.
  • They examine each packet in the context of the state of a connection.
  • They have a high impact on network performance.
  • They filter fragmented packets.

Explanation: Packet filtering firewalls have a low impact on network performance. They are stateless, examining each packet individually, and they do not filter fragmented packets well.

2. What is one benefit of using a next-generation firewall rather than a stateful firewall?

  • integrated use of an intrusion prevention system (IPS)
  • reactive protection against Internet threats
  • support of logging
  • support of TCP-based packet filtering

Explanation: Stateful firewalls and next-generation firewalls provide better log information than a packet filtering firewall, both defend against spoofing, and both filter unwanted traffic. Next-generation firewalls provide the following benefits over stateful firewalls:

  • Granularity control within applications
  • Website and application traffic filtering based on site reputation
  • Proactive rather than reactive protection from Internet threats
  • Enforcement of security policies based on multiple criteria including user, device, role, application, and threat profile
  • Improved performance with NAT, VPN, and stateful inspections
  • Integrated IPS

3. What are two characteristics of an application gateway firewall? (Choose two.)

  • Performs most filtering and firewall control in software.
  • Provides an integrated intrusion prevention and detection feature.
  • Uses connection information maintained in a state table and analyzes traffic at OSI Layers 3, 4, and 5.
  • Analyzes traffic at Layers 3, 4, 5 and 7 of the OSI model.
  • Uses a simple policy table look-up to filter traffic based on Layer 3 and Layer 4 information.

Explanation: An application gateway firewall is able to filter information at Layers 3, 4, 5, and 7 of the OSI reference model. When using this type of firewall, most firewall control and filtering is done in software.

4. What are two benefits of implementing a firewall in a network? (Choose two.)

  • A firewall will sanitize protocol flow.
  • A firewall will inspect network traffic and forward traffic based solely on the Layer 2 Ethernet MAC address.
  • A firewall will reduce security management complexity.
  • A firewall will provide accessibility of applications and sensitive resources to external untrusted users.
  • A firewall will prevent unauthorized traffic from being tunneled or hidden as legitimate traffic through an enterprise network.

Explanation: There are several benefits of using a firewall in a network:

  • It prevents the exposure of sensitive hosts, resources, and applications to untrusted users.
  • It sanitizes protocol flow, which prevents the exploitation of protocol flaws.
  • It blocks malicious data from servers and clients.
  • It reduces security management complexity by off-loading most of the network access control to a few firewalls in the network.

5. Which type of firewall is commonly part of a router firewall and allows or blocks traffic based on Layer 3 or 4 information?

  • proxy firewall
  • next generation firewall
  • stateful firewall
  • packet filtering firewall

Explanation: A packet filtering firewall uses a simple policy table look-up that filters traffic based on specific criteria. These firewalls are usually part of a router firewall. They permit or deny traffic based on Layer 3 and Layer 4 information.

6. Which three layers of the OSI model include information that is commonly inspected by a stateful firewall? (Choose three.)

  • Layer 1
  • Layer 2
  • Layer 3
  • Layer 4
  • Layer 5
  • Layer 7

Explanation: A stateful firewall provides filtering at the network layer, but also analyzes traffic at OSI Layer 4 and Layer 5.

7. Which type of firewall is supported by most routers and is the easiest to implement?

  • application gateway firewall
  • stateful firewall
  • next generation firewall
  • packet filtering firewall

Explanation: A packet filtering firewall uses a simple policy table look-up that filters traffic based on specific criteria and is considered the easiest firewall to implement.

8. Which type of firewall generally has a low impact on network performance?

  • stateless firewall
  • application gateway firewall
  • next generation firewall
  • stateful firewall

Explanation: A stateless firewall uses a simple policy table look-up that filters traffic based on specific criteria and causes minimal impact on network performance.

9. Which two protocols are stateless and do not generate connection information needed to build a state table? (Choose two.)

  • ICMP
  • UDP
  • HTTP
  • FTP
  • TCP

Explanation: Connectionless protocols, such as ICMP and UDP, are not stateful and do not generate connection information for a state table.

10. Which type of traffic is usually blocked when implementing a demilitarized zone?

  • traffic originating from the DMZ network and traveling to the private network
  • traffic that is returning from the public network and traveling to the DMZ network
  • traffic originating from the private network and traveling to the DMZ network
  • traffic that is returning from the DMZ network and traveling to the private network

Explanation: A firewall will usually block traffic that is originating from the DMZ network and traveling to the private network. If traffic originated from the private network and the DMZ is sending returning traffic to the private network, then it will be allowed.

11. How does a firewall handle traffic that is originating from the DMZ network and traveling to a private network?

  • Traffic is usually allowed when it is originating from the DMZ network and traveling to a private network.
  • Traffic is allowed when it is originating from the private network, but the response traffic from the DMZ network will be blocked.
  • Traffic is usually blocked when it is originating from the DMZ network and traveling to a private network.
  • Traffic is usually not filtered using firewall rules when it is originating from the DMZ network and traveling to a private network.

Explanation: A firewall will usually block traffic that is originating from the DMZ network and traveling to the private network. If traffic originated from the private network and the DMZ is sending returning traffic to the private network, then it will be allowed.

12. When implementing a ZPF, which statement describes a zone?

  • A zone is a group of one or more devices that provide backup and disaster recovery mechanisms.
  • A zone is a group of administrative devices that protect against rogue access point installations.
  • A zone is a group of hardened computers known as bastion hosts.
  • A zone is a group of one or more interfaces that have similar functions or features.

Explanation: When implementing a zone-based policy firewall (ZPF), a zone is a group of one or more interfaces that have similar functions or features.
