Cisco Cyber Security Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Enhance your Cisco Cyber Security knowledge. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your Cisco Cyber Security Exam with our comprehensive quiz!

Start Multiple Choice Practice Test
Start Flash Cards

Practice this question and more.

Which of the following is NOT a function of a stateful firewall?

  1. Tracking active connections

  2. Filtering based on IP addresses only

  3. Monitoring connection establishment

  4. Allowing or denying based on session state

The correct answer is: Filtering based on IP addresses only

A stateful firewall is designed to keep track of the state of active connections and make decisions based on the context of traffic flows. Its primary functions include tracking active connections, monitoring connection establishment and termination, and allowing or denying traffic based on the current state of the session. Filtering based solely on IP addresses, however, is characteristic of a stateless firewall. Stateless firewalls evaluate packets in isolation, meaning they do not maintain any internal record of the state of network connections. Therefore, their filtering capabilities are limited to criteria such as IP addresses and port numbers without considering the overall context of the communication session. In contrast, a stateful firewall incorporates session information, enhancing security by allowing it to differentiate between legitimate returning traffic and potential threats. This understanding underscores why filtering based solely on IP addresses is not a function of a stateful firewall, as it would not utilize the benefits of connection tracking that stateful firewalls offer.

More Questions Like This