Computer Hacking Forensic Investigator (CHFI) — Question 54

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?

Answer options

• A. Stateful firewalls do not work with packet filtering firewalls
• B. NAT does not work with stateful firewalls
• C. IPSEC does not work with packet filtering firewalls
• D. NAT does not work with IPSEC

Correct answer: D

Explanation

The correct answer is D because NAT and IPSEC can have compatibility issues, particularly with how IPSEC encapsulates packets, which can disrupt NAT's address translation process. The other options are incorrect as stateful firewalls can work with packet filtering firewalls, NAT can function with stateful firewalls, and IPSEC can operate with packet filtering firewalls.