Systems Security Certified Practitioner – SSCP – Question0896

In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the:

A.
Network or Transport Layer.
B. Application Layer.
C. Inspection Layer.
D. Data Link Layer.

Correct Answer: A

Explanation:

Most stateful packet inspection firewalls work at the network or transport layers. For the TCP/IP protcol, this allows the firewall to make decisions both on IP addresses, protocols and TCP/UDP port numbers
Application layer is incorrect. This is too high in the OSI stack for this type of firewall.
Inspection layer is incorrect. There is no such layer in the OSI stack.
“Data link layer” is incorrect. This is too low in the OSI stack for this type of firewall.
References: CBK, p. 466 AIO3, pp. 485 -486