Implementing Cisco Network Security (IINS, legacy) — Question 126

Which two statements about stateless firewalls are true? (Choose two.)

Answer options

• A. They compare the 5-tuple of each incoming packet against configurable rules.
• B. They cannot track connections.
• C. They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS.
• D. Cisco IOS cannot implement them because the platform is stateful by nature.
• E. The Cisco ASA is implicitly stateless because it blocks all traffic by default.

Correct answer: A, B

Explanation

The correct answers are A and B because stateless firewalls indeed compare the 5-tuple of each packet against rules and do not track connections. Options C and D are incorrect as stateless firewalls are not specifically designed for HTTP/HTTPS, and Cisco IOS can implement stateless firewalls, even though it is primarily stateful. Option E is also wrong because the Cisco ASA can operate in a stateful manner, not purely stateless.