When an outgoing request is made on a port number greater than 1023, this type of firewall creates an ACL to
allow the incoming reply on that port to pass:

A.
packet filtering

B.
Circuit level proxy

C.
Dynamic packet filtering

D.
Application level proxy

Explanation:
Ports up to 1023 are called well-known ports and are reserved for server-side services. The sending system
must choose a dynamic port higher than 1023 when it sets up a connection with another entity. The dynamic
packet-filtering firewall then creates an Access Control List (ACL) that allows the external entity to communicate
with the internal system.
Incorrect Answers:
A: A Packet filtering firewall makes access decisions based upon network-level protocol header values. It does
not use port numbers.
B: A Circuit level proxy works at the session layer and does not use ports.
D: An Application level proxy works at the packet level, not at the port level.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 640