Certified Information Systems Security Professional (CISSP) — Question 299

Which of the following is the MAIN difference between a network-based firewall and a host-based firewall?

Answer options

• A. A network-based firewall is stateful, while a host-based firewall is stateless.
• B. A network-based firewall blocks network intrusions, while a host-based firewall blocks malware.
• C. A network-based firewall controls traffic passing through the device, while a host-based firewall controls traffic destined for the device.
• D. A network-based firewall verifies network traffic, while a host-based firewall verifies processes and applications.

Correct answer: C

Explanation

The correct answer is C because a network-based firewall is designed to monitor and control traffic that flows through the network, while a host-based firewall is focused on traffic that is directed towards the individual device. Options A and B are incorrect as they misrepresent the statefulness and functions of the firewalls. Option D, while partially true, does not capture the main functional difference as accurately as option C.