PrepAway - Latest Free Exam Questions & Answers

Which of the following is NOT a common weakness of packet filtering firewalls?

A. Vulnerability to denial-of-service and related attacks.

B. Vulnerability to IP spoofing.

C. Limited logging functionality.

D. No support for advanced user authentication schemes.

Explanation:
Packet filters are useful for preventing IP address spoofing attacks because they can filter out and
block packets with conflicting source address information (packets from outside the network that show
source addresses from inside the network, and vice versa).
Incorrect Answers:
A: Packet filtering firewalls, as they are stateless, are vulnerable to denial-of-service attacks. A stateful firewall
would be able to handle these attacks better.
C: Logging is no problem when using packet filtering firewalls.
D: Packet filter gateways cannot ensure strong user authentication.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 630
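
The interface-versus-source-address check described in the explanation, as an added example (not from the original page or the cited book). The 10.0.0.0/8 internal prefix, the interface names and the sample packets are constructed assumptions; the last sample shows that a forged source address that does not conflict with the arrival interface still passes this check.

```python
import ipaddress
from dataclasses import dataclass

# Assumption for this example: one internal prefix sits behind the filter,
# and every other address counts as "outside".
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

@dataclass(frozen=True)
class Packet:
    in_iface: str  # interface the packet arrived on: "outside" or "inside"
    src: str       # source IP address as written in the IP header
    dst: str       # destination IP address

def antispoof_verdict(pkt: Packet) -> tuple[str, str]:
    """Stateless check: does the claimed source conflict with the arrival interface?"""
    if pkt.in_iface not in ("outside", "inside"):
        raise ValueError(f"unknown interface: {pkt.in_iface!r}")
    src_internal = ipaddress.ip_address(pkt.src) in INTERNAL_NET
    if pkt.in_iface == "outside" and src_internal:
        return ("drop", "internal source address arriving from outside")
    if pkt.in_iface == "inside" and not src_internal:
        return ("drop", "external source address leaving from inside")
    # No conflict. The filter has no way to tell whether the header is genuine.
    return ("pass", "source address consistent with arrival interface")

# Constructed sample packets (documentation and private address ranges only).
SAMPLE = [
    Packet("outside", "10.1.2.3", "10.0.0.5"),         # outside claims an inside source
    Packet("inside", "198.51.100.7", "203.0.113.9"),   # inside claims an outside source
    Packet("inside", "10.1.2.3", "203.0.113.9"),       # ordinary outbound traffic
    Packet("outside", "203.0.113.50", "10.0.0.5"),     # real or forged, it looks the same
]

def evaluate(packets):
    """Return the action ("drop" or "pass") chosen for each packet, in order."""
    return [antispoof_verdict(p)[0] for p in packets]

if __name__ == "__main__":
    for p in SAMPLE:
        action, reason = antispoof_verdict(p)
        print(f"{p.in_iface:8} {p.src:15} -> {p.dst:15} {action}: {reason}")
```
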

One Comment on “Which of the following is NOT a common weakness of pack…

  1. kfs says:

    The ability to block packets with conflicting address information does not mean the ability to detect that this information is spoofed.

    7th ed. states that
    “Many packet-filter firewalls cannot detect spoofed addresses”
    (S. Harris, All in one CISSP exam guide 7th edition, p.585)

    and 5th ed.:
    “Many packet-filtering firewalls cannot detect a network packet in which the OSI layer 3 addressing information has been altered (spoofed)”
    (S. Harris, All in one CISSP exam guide 5th edition, p.555)

    So option B is questionable, depending on what is meant by “Vulnerability to IP spoofing.”



