Which of the following best describes a stateful inspection?

Prepare for the EC-Council Certified Ethical Hacker (CEH) Certification. Master concepts with flashcards and multiple choice questions, each enriching your understanding. Ready yourself to succeed in your exam!

Multiple Choice

Which of the following best describes a stateful inspection?

Explanation:
Stateful inspection involves making decisions based on how a connection is behaving, not just on surface details like IPs and ports. It tracks the state of active conversations, such as whether a TCP three-way handshake has completed and the session is established. By consulting this state, the firewall can determine if incoming packets belong to an existing, legitimate connection and allow them; packets that don’t fit the current state are blocked. This dynamic awareness helps prevent certain spoofing and unsolicited traffic that stateless filtering might miss. So, the description that matches this behavior is that traffic is evaluated for legitimacy based on the state of the connection it originated from. Other options describe different tasks (DNS query checks, malware payload scanning, or filtering strictly by IP) that do not capture how stateful inspection uses connection state to gate traffic.

Stateful inspection involves making decisions based on how a connection is behaving, not just on surface details like IPs and ports. It tracks the state of active conversations, such as whether a TCP three-way handshake has completed and the session is established. By consulting this state, the firewall can determine if incoming packets belong to an existing, legitimate connection and allow them; packets that don’t fit the current state are blocked. This dynamic awareness helps prevent certain spoofing and unsolicited traffic that stateless filtering might miss.

So, the description that matches this behavior is that traffic is evaluated for legitimacy based on the state of the connection it originated from. Other options describe different tasks (DNS query checks, malware payload scanning, or filtering strictly by IP) that do not capture how stateful inspection uses connection state to gate traffic.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy