Certified Information Systems Security Professional (CISSP) — Question 482

Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?

Answer options

• A. The SPI inspects traffic on a packet-by-packet basis.
• B. The SPI inspects the flags on Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets.
• C. The SPI is capable of dropping packets based on a pre-defined rule set.
• D. The SPI inspects the traffic in the context of a session.

Correct answer: D

Explanation

The correct answer, D, highlights that a stateful packet inspection firewall evaluates traffic based on the context of sessions, allowing it to track the state of active connections. Options A, B, and C do not accurately capture this capability; they refer to packet inspection methods that do not consider session context, which is essential for stateful firewalls.