Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 183

What are the two differences between stateful and deep packet inspection? (Choose two.)

Answer options

• A. Deep packet inspection is capable of TCP state monitoring only, and stateful inspection can inspect TCP and UDP.
• B. Stateful inspection is capable of packet data inspections, and deep packet inspection is not.
• C. Deep packet inspection is capable of malware blocking, and stateful inspection is not.
• D. Stateful inspection is capable of TCP state tracking, and deep packet filtering checks only TCP source and destination ports.
• E. Deep packet inspection operates on Layer 3 and 4, and stateful inspection operates on Layer 3 of the OSI model.

Correct answer: C, D

Explanation

The correct answer is C and D because deep packet inspection is designed to analyze the contents of packets for threats like malware, while stateful inspection focuses on maintaining the state of active connections without inspecting the packet content deeply. Options A, B, and E are incorrect as they misrepresent the capabilities and operational layers of stateful and deep packet inspection.