Weekly CISSP Practice

Week 18 - Question 1

A firewall that filters traffic based on the state of the connection is known as?

A.  Packet filtering firewall

B.  Proxy firewall

C.  Stateful firewall

D.  Web application firewall

Answer:  C

Explanation:

C. Stateful Inspection Firewall (The Correct Choice)
A Stateful Firewall (also known as Stateful Inspection) is distinguished by its ability to maintain a State Table. Unlike simpler filters, it doesn't just look at a single packet in isolation; it understands the "conversation."

How it works: When an internal user initiates a connection to a website, the firewall records that "outbound" request in its state table. When the website sends data back, the firewall checks the table, sees an active conversation, and automatically allows the "inbound" traffic through.

Key Benefit: It provides higher security than basic filtering because it can deny unsolicited incoming traffic that isn't part of a pre-established, legitimate session.

Why the Other Options Don't Fit:
A. Packet Filtering Firewall
Consider this the "first generation" of firewalls. It operates primarily at Layer 3 (Network) of the OSI model, reaching into Layer 4 (Transport) only to match port numbers. It makes decisions based on a static Access Control List (ACL) using source/destination IP addresses and ports.

The Flaw: It is "stateless." It treats every packet as a brand-new event, so it cannot tell a genuine reply from an unsolicited packet dressed up to look like one, which leaves it open to certain types of spoofing and to attacks that only make sense across several packets.

B. Proxy Firewall (Application-Level Gateway)
A Proxy firewall acts as a "middleman." When a user requests a resource, the proxy creates a completely new connection to the destination on the user's behalf.

The Difference: While extremely secure because it hides the internal network addressing, its defining characteristic is mediation, not just tracking the "state" of a direct connection.

D. Web Application Firewall (WAF)
A WAF is a specialized tool designed to protect Web Servers. It sits in front of web applications and looks for specific "Layer 7" attacks like SQL Injection (SQLi) or Cross-Site Scripting (XSS).

The Difference: A WAF is looking for malicious content within HTTP/HTTPS traffic, whereas a stateful firewall is looking at the connection logic.

CISSP Study Tip: Remember the OSI Layers
On the exam, you can often find the right answer by mapping the technology to the OSI Model:

  • Packet Filtering: Layer 3 (IP) and Layer 4 (Port).
  • Stateful Inspection: Layer 3 and Layer 4, with a "memory" of the connection.
  • Proxy/WAF: Layer 7 (Application).
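The "how it works" and "the flaw" paragraphs above, as an added illustration (not part of the original page): a stateless ACL must permit every inbound packet that claims to come from port 443 in order to let replies through, while the stateful firewall consults its state table and passes only the reply to a conversation an internal host actually started. All addresses, ports and the internal-network prefix are constructed for the example.

```python
from dataclasses import dataclass

# Constructed example: the 10.0.0.0/8 prefix stands in for the protected internal network.
INTERNAL_PREFIX = "10."


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

    def is_outbound(self) -> bool:
        return self.src_ip.startswith(INTERNAL_PREFIX)


class StatelessPacketFilter:
    """First-generation filter: a static ACL, every packet judged on its own."""
    def __init__(self, permitted_inbound_src_ports):
        self.permitted = set(permitted_inbound_src_ports)

    def decide(self, pkt: Packet) -> str:
        if pkt.is_outbound():
            return "allow"
        # Replies from port 443 must get in somehow, so anything *claiming*
        # to come from port 443 is let in, whether or not anyone asked for it.
        return "allow" if pkt.src_port in self.permitted else "deny"


class StatefulFirewall:
    """Records each outbound flow; inbound is allowed only if it matches a recorded flow."""
    def __init__(self):
        # State table entries: (proto, internal_ip, internal_port, remote_ip, remote_port)
        self.state_table = set()

    def decide(self, pkt: Packet) -> str:
        if pkt.is_outbound():
            self.state_table.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        # Reverse the tuple: an inbound reply's destination is our internal side.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "allow" if key in self.state_table else "deny"


def run_scenario() -> dict:
    """Replay three constructed packets through both firewalls; returns the verdicts."""
    request = Packet("10.0.0.5", 51000, "203.0.113.10", 443)      # user opens HTTPS
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000)        # the server answers
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.5", 51000)  # nobody asked this host
    verdicts = {}
    for name, fw in (("stateless", StatelessPacketFilter({443})), ("stateful", StatefulFirewall())):
        verdicts[name] = [fw.decide(p) for p in (request, reply, unsolicited)]
    return verdicts  # stateless: allow, allow, allow ; stateful: allow, allow, deny
```

Running `run_scenario()` shows the stateless filter waving the third packet through on port number alone, while the stateful firewall denies it because no matching outbound entry exists.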
