Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Exam CISSP topic 1 question 214 discussion

Actual exam question from ISC's CISSP
Question #: 214
Topic #: 1
[All CISSP Questions]

Why are packet filtering routers used in low-risk environments?

  • A. They are high-resolution source discrimination and identification tools
  • B. They are fast and flexible, and protect against Internet Protocol (IP) spoofing
  • C. They are fast, flexible, and transparent
  • D. They enforce strong user authentication and audit log generation
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
hohol
Highly Voted 1 year, 3 months ago
The packet filtering does not protect from IP spoofing
upvoted 8 times
alfaMegatron
1 year, 2 months ago
by allowing only authorized source address in ACL
upvoted 1 times
BuckLee
1 year, 2 months ago
they do only allow authorized Source addresses but they don't prevent spoofing
upvoted 2 times
...
...
...
certW1z
Most Recent 2 weeks ago
Selected Answer: C
c is right
upvoted 1 times
...
YetiSpaghetti
3 weeks, 3 days ago
Selected Answer: C
The packet filtering does not protect from IP spoofing
upvoted 2 times
...
Mas_amd
1 month, 2 weeks ago
C. They are fast, flexible, and transparent (Do not protect against spoofing)
upvoted 1 times
...
KCLung
3 months ago
No one is the answer. packet filtering cannot prevent IP spoofing.
upvoted 1 times
...
securitystudent
3 months, 1 week ago
Selected Answer: B
how can it protect against Internet Protocol (IP) spoofing?
upvoted 1 times
securitystudent
3 months, 1 week ago
I vote for C and click wrong
upvoted 1 times
...
...
Thealpine
4 months, 1 week ago
B. fast, flexible, protect against IP spoofing- is correct Routers connect networks, control network traffic based on logical IP addressing use statically defined routing tables, or employ dynamic routing system operate at OSI layer 3 static packet-filtering firewall(screening router) filters traffic by examining data from message header rules are concerned with source-destination IP address (layer 3), port numbers (layer 4). Using static filtering, firewall cannot provide user authentication/verify whether data packet originated from inside/outside private network fooled with spoofed packets known as first-generation firewalls, operate at layer 3 It is also a type of stateless firewall as each packet is evaluated individually than in context (as performed by stateful firewall). stateless firewall analyzes packets on an individual basis against filtering ACLs/rules. context of communication(any previous packets) is not used to make allow/deny decision on current packet. deliver fast performance perform well under pressure without getting caught in details.
upvoted 1 times
...
sylux
8 months, 2 weeks ago
Selected Answer: B
Answer is B. Packet filtering firewalls can detect spoofing throught the use of acls. Static Packet-Filtering Firewalls A static packet-filtering firewall (aka screening router) filters traffic by examining data from a message header. Usually, the rules are concerned with source and destination IP address (layer 3) and port numbers (layer 4). Chapter 11 Secure Network architecture and components p552.
upvoted 3 times
...
edyboy
1 year, 1 month ago
Answer is B. Packet filtering works in Layer 3 (Network protocol). It manages IP
upvoted 1 times
...
Kappiil
1 year, 1 month ago
"Packet filtering is one defense against IP spoofing attacks. The gateway to a network usually performs ingress filtering, which is blocking of packets from outside the network with a source address inside the network. This prevents an outside attacker spoofing the address of an internal machine. Ideally the gateway would also perform egress filtering on outgoing packets, which is blocking of packets from inside the network with a source address that is not inside. This prevents an attacker within the network performing filtering from launching IP spoofing attacks against external machines. Intrusion Detection System (IDS) is a common use of packet filtering, which has been used to secure the environments for sharing data over network and host based IDS approaches.["
upvoted 1 times
...
PtrSpd
1 year, 1 month ago
Who wrote this question?
upvoted 4 times
...
kamin123
1 year, 3 months ago
Packet-filtering ROUTER is with fast, flexible, and transparent. Agree with C
upvoted 4 times
alfaMegatron
1 year, 2 months ago
how it is transparent?
upvoted 1 times
NW_Guru
1 year ago
Configuring as bump-in-a-wire device.
upvoted 1 times
...
...
...
hohol
1 year, 3 months ago
Packet-filtering firewalls use routers with packet-filtering rules to grant or deny access based on source address, destination address, and port. They offer minimum security, but at a very low cost, and can be an appropriate choice for a low-risk environment. They are fast, flexible, and transparent. https://sourcedaddy.com/networking/packet-filtering-gateways.html
upvoted 4 times
sylux
8 months, 2 weeks ago
Firewalls are not transparent if they deny a communication path you will very much see that the restriction exist
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...