Systems Security Certified Practitioner – SSCP – Question0898

When an outgoing request is made on a port number greater than 1023, this type of firewall creates an ACL to allow the incoming reply on that port to pass:

A. Packet filtering
B. Circuit level proxy
C. Dynamic packet filtering
D. Application level proxy

Correct Answer: C

Explanation:

The dynamic packet filtering firewall is able to create ACLs on the fly to allow replies on dynamic ports (higher than 1023).
Packet filtering is incorrect. The packet filtering firewall usually requires that the dynamic ports be left open as a group in order to handle this situation.
Circuit level proxy is incorrect. The circuit level proxy builds a conduit between the trusted and untrusted hosts and does not work by dynamically creating ACLs.
Application level proxy is incorrect. The application level proxy “proxies” for the trusted host in its communications with the untrusted host. It does not dynamically create ACLs to control traffic.