PrepAway - Latest Free Exam Questions & Answers

Which characteristic is a potential security weakness of a traditional stateful firewall?

Which characteristic is a potential security weakness of a traditional stateful firewall?

PrepAway - Latest Free Exam Questions & Answers

A.
It cannot support UDP flows.

B.
It cannot detect application-layer attacks.

C.
It cannot ensure each TCP connection follows a legitimate TCP three-way handshake.

D.
It works only in promiscuous mode.

E.
The status of TCP sessions is retained in the state table after the sessions terminate.

F.
It has low performance due to the use of syn-cookies.

Explanation:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/product_implementati
on_design_guide09186a00800fd670.html
Cisco IOS Firewall consists of several major subsystems:
• Stateful Packet Inspection provides a granular firewall engine
• Authentication Proxy offers a per-host access control mechanism
• Application Inspection features add protocol conformance checking and network use policy
control Enhancements to these features extend these capabilities to VRF instances to support
multiple virtual routers per device, and to Cisco Integrated Route-Bridging features to allow greater

deployment flexibility, reduce implementation timelines, and ease requirements to add security to
existing networks.


Leave a Reply