Computer Hacking Forensic Investigator (CHFI v10) — Question 110

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?

Answer options

• A. Stateful firewalls do not work with packet filtering firewalls
• B. NAT does not work with stateful firewalls
• C. IPSEC does not work with packet filtering firewalls
• D. NAT does not work with IPSEC

Correct answer: D

Explanation

The correct answer is D because NAT and IPSEC can have compatibility issues, particularly when IPSEC is used in tunnel mode, which can prevent NAT from functioning properly. Answers A, B, and C are incorrect as stateful firewalls can work alongside packet filtering firewalls, NAT is compatible with stateful firewalls, and IPSEC can function with packet filtering firewalls.