CISSP Question of the Day – 8-1-2016

Getting You Prepped for the CISSP Exam ...One Question at a Time!

Today’s CISSP question topic: Packet Filtering Firewalls

Packet filtering firewalls have several limitations that make them less appropriate than more modern solutions when protecting internal resources from Internet threats. Which of the following are shortcomings of packet filtering firewalls? (Choose 2)

  1. They control access based on source IP address and cannot verify if the address is being spoofed.
  2. They use reverse path forwarding lookups.
  3. They are stateless.
  4. They do not support logging packets that match firewall rules.
  5. They are stateful.
  6. They defend against TCP SYN floods, which reduces their effective throughput.



Check Your Answer


  1. They control access based on source IP address and cannot verify if the address is being spoofed.
  2. They are stateless.

Supporting Links:
  1. http://linux-ip.net/html/pf-shortcomings.html
  2. https://www.giac.org/paper/gsec/693/comparison-packet-filtering-vs-application-level-firewall-technology/101569


Co-workers, friends or colleagues studying for the CISSP exam, too? Share this question with them! Click an icon below to share to your preferred social media platform!
Posted in:
About the Author

Colin Weaver

Colin Weaver is co-owner and lead instructor at ITdojo, Inc., a network security and information assurance training center and consulting firm located in Virginia Beach, VA. His passion for technology, networks, and security has led him to become enthralled with the idea of IPv6 and its implementation. In this blog he will share with you glimpses of what he has learned and a hint at what you’ll learn in his classes.