Which two statements about stateless firewalls are true? (Choose two.)

Posted by: Pdfprep Category: 210-260

Which two statements about stateless firewalls are true? (Choose two.)
A. They compare the 5-tuple of each incoming packet against configurable rules.
B. They cannot track connections.
C. They are designed to work most efficiently with stateless protocols such as HTTP or HTTP
E. Cisco IOS cannot implement them because the platform is stateful by nature.
F. The Cisco ASA is implicitly stateless because it blocks all traffic by default.

Answer: A,B

Explanation:

In stateless inspection, the firewall inspects a packet to determine the 5-tuple (source and destination IP addresses and ports, and protocol) contained in the packet. This static information is then compared against configurable rules to determine whether to allow or drop the packet. The firewall examines each packet individually: it is unaware of the packets that have passed through before it, and has no way of knowing whether any given packet is part of an existing connection, is trying to establish a new connection, or is a rogue packet.

Source: http://www.cisco.com/c/en/us/td/docs/wireless/asr_5000/19-0/XMART/PSF/19-PSF-Admin/19-PSF-Admin_chapter_01.html
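
The per-packet matching described in the explanation, as an added example (not from the original page or from Cisco): a minimal Python filter that compares each packet's 5-tuple against ordered rules, next to a simplified connection-tracking filter for contrast. The rules, addresses and the names `stateless_filter`, `StatefulFilter` and `compare` are constructed for illustration; the stateful side ignores TCP flags and timeouts.

```python
import ipaddress
from collections import namedtuple

# The 5-tuple a stateless filter reads from each packet header.
Packet = namedtuple("Packet", "src dst sport dport proto")
# A rule is an action plus the same five fields; None means "any".
Rule = namedtuple("Rule", "action src dst sport dport proto")

def _net_ok(net, ip):
    return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def _eq_ok(want, got):
    return want is None or want == got

def stateless_filter(rules, pkt):
    """First matching rule wins, implicit deny last. Nothing is remembered between calls."""
    for r in rules:
        if (_net_ok(r.src, pkt.src) and _net_ok(r.dst, pkt.dst)
                and _eq_ok(r.sport, pkt.sport) and _eq_ok(r.dport, pkt.dport)
                and _eq_ok(r.proto, pkt.proto)):
            return r.action
    return "drop"

class StatefulFilter:
    """Contrast case: only the outbound rule is configured; replies must mirror a recorded flow."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()

    def check(self, pkt):
        if (pkt.dst, pkt.src, pkt.dport, pkt.sport, pkt.proto) in self.flows:
            return "allow"                      # reply to a flow seen earlier
        if stateless_filter(self.rules, pkt) == "allow":
            self.flows.add(tuple(pkt))          # remember the new outbound flow
            return "allow"
        return "drop"

# Constructed rules: inside hosts (10.0.0.0/24) may reach TCP/443.
OUTBOUND = Rule("allow", "10.0.0.0/24", None, None, 443, "tcp")
# A stateless filter needs this extra rule or every reply is dropped.
RETURN = Rule("allow", None, "10.0.0.0/24", 443, None, "tcp")

# Constructed packets (documentation address ranges).
request = Packet("10.0.0.5", "203.0.113.10", 51000, 443, "tcp")
reply = Packet("203.0.113.10", "10.0.0.5", 443, 51000, "tcp")
unsolicited = Packet("198.51.100.7", "10.0.0.9", 443, 40000, "tcp")  # no request preceded it

def compare():
    stateful = StatefulFilter([OUTBOUND])
    order = [("request", request), ("reply", reply), ("unsolicited", unsolicited)]
    return {n: (stateless_filter([OUTBOUND, RETURN], p), stateful.check(p)) for n, p in order}
```

`compare()` returns a (stateless, stateful) verdict per packet: the stateless filter allows the unsolicited packet because it matches the return rule, while the connection-tracking filter drops it.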
