Latest 100 Firewall Concepts Interview Questions
What firewall-based technology would you use to create a secure tunnel connection from a corporate headquarters to a remote branch office?
A. VPN
B. Tunnel
C. HTTPS
D. Radius
Ans: A
When configuring a firewall to deny port 3389 to an RDP server that is to receive the SYN packet, what is the address?
A. Flag
B. Destination
C. Source
D. Connected
Ans: B
Which of the following firewalls keeps track of the state of network connections?
A. Static filtering
B. Stateless inspection
C. Stateful inspection
D. Dynamic Filtering
Ans: C
What is a DMZ zone?
A. Dual Master Zone
B. DeMilitarized Zone
C. Donor Master Zone
D. Dedicated Master Zone
Ans: B
Your client asks you to create a rule for FTP access; what port(s) will you add on the firewall?
A. 20 and 21
B. 20
C. 8021
D. 2121
Ans: A
Which of the following 8-bit values identifies the maximum time the packet can remain in the system before it is dropped?
A. fragment
B. time to live
C. checksum
D. protocol
Ans: B
Which TCP port is used by Telnet?
A. 110
B. 80
C. 23
D. 72
Ans: C
What is the primary purpose of a firewall?
A. Enables fast forwarding
B. Route frames
C. Route hot packets
D. Inspect packets
Ans: D
Which of the following servers creates a secure tunnel connection?
A. RADIUS
B. tunnel
C. authentication
D. VPN
Ans: D
Your customer asks you to allow ALL hosts from the Internet to the company’s secure web server (Secure HTTP); what port do you open on the firewall?
A. 23
B. 22
C. 443
D. 43
Ans: C
FTP uses which of the following ports as its control port?
A. 21
B. 22
C. 20
D. 23
Ans: A
Which of the following is not a recognized generation of Firewall?
A. First Generation
B. Third Generation
C. DMZ
D. Second generation
Ans: C
What device logically filters traffic at the edge of a computer network and the Internet?
A. Switch
B. Firewall
C. Router
D. Hub
Ans: B
Which of the following is TRUE?
A. The firewall may be a separate computer system, a software service running on an existing router or server, or a separate network containing a number of supporting devices
B. All of the given options are correct
C. Firewalls can be categorized by processing mode, development era, or structure
D. Firewalls categorized by which level of technology they employ are identified by generation, with the later generations being more complex and more recently developed
Ans: B
You want to filter all traffic going to an internal web server from the Internet side of the firewall; what port will you filter on the firewall?
A. 8080
B. 80
C. 21
D. 25
Ans: B
In an IP packet header, which of the following is the address of the computer or device that is to receive the packet?
A. total length
B. source address
C. flag
D. destination address
Ans: D
What port does FTP use for the control port?
A. 20
B. 23
C. 21
D. 22
Ans: C
Which of the following firewalls works at the application level?
A. Packet filtering firewall
B. application-level firewalls
C. circuit firewall
D. MAC layer firewalls
Ans: B
Which port does secure HTTP use?
A. 442
B. 8080
C. 443
D. 441
Ans: C
What application controls what information is transmitted or received from an external source destined for a server, workstation, or computer, based on a preset set of rules and/or user preferences?
A. Server
B. Repeater
C. Router
D. Firewall
Ans: D
Some firewalls deploy a technology that allows monitoring of traffic in and out of a network and alerts network staff when suspicious traffic patterns occur.
A. Router
B. IDS
C. Hub
D. Switch
Ans: B
Which of the following firewalls keeps track of the connection state?
A. Packet filtering firewall
B. Stateful packet filtering firewall
C. Application layer firewall
D. Router enhanced firewall
Ans: B
You are a network administrator and you have been asked to add a deny-all ICMP firewall statement for traffic that is sourced from the Internet. You add a deny all for ICMP; what common command would you use to test your newly added rule?
A. Traceroute
B. ICMP
C. PING
D. MTR
Ans: C
What is a host-based firewall?
A. Software firewall installed on a server/workstation/desktop
B. A proxy server configured to handle http requests
C. A device that is installed by your Internet Service Provider
D. A Firewall connected directly to the Network Interface Card of a Computer
Ans: A
When referring to firewall concepts, what are application level gateways?
A. HTTP servers
B. Proxy servers
C. IP Servers
D. HTTP servers
Ans: B
Packets contain an 8-bit value that determines the maximum time the packet can remain in the CPU, memory, and buffer circuits of a firewall before it is dropped or discarded. What is this called?
A. Protocol
B. Time To Live
C. Fragment
D. Checksum
Ans: B
When designing a network that consists of a firewall, the firewall design needs to be “BLANK” so that it can grow with the network it protects.
A. Cost effective
B. Robust
C. Scalable
D. Expensive
Ans: C
The Windows-based program ZoneAlarm is an example of a “BLANK” firewall.
A. Software
B. Business
C. Corporate
D. IDS
Ans: A
What types of firewalls are able to analyze the contents of packets and the IP headers for signs that the traffic is legitimate?
A. Stateless
B. Software
C. Boundary
D. Stateful
Ans: D
Which of the following is another term for a packet of digital information?
A. header
B. data
C. datagram
D. footer
Ans: C
Which of the following is not a VALID basic criterion for a rule in the firewall policy?
A. Destination
B. User
C. Service
D. Source
Ans: B
Which of the following valid OSI layers are covered by packet filtering firewall operation?
A. Network layer
B. Transport layer
C. At the Application layer
D. Both Transport layer and Network layer
Ans: D
The practice of designing operational aspects of a system to work with a minimal amount of system privilege is called:
A. IP forwarding
B. least privilege
C. access denied
D. failover firewall
Ans: B
When referring to firewalls, what does SPI stand for?
A. Stateless Packet Inspection
B. Shared Packet Interconnection
C. Stateful Packet Inspection
D. Source Packet Information
Ans: C
Ports up to which of the following are called well-known ports?
A. 1025
B. 255
C. 1023
D. 1500
Ans: C
Which particular firewall usually consists of two separate firewall devices?
A. Application-level firewall
B. MAC layer firewalls
C. Hybrid Firewall
D. Dynamic Filtering
Ans: C
What main attributes are used at layer 4 of the OSI model to filter traffic on a firewall?
A. Frames and packets
B. Source and/or destination IP Addresses
C. Source and/or destination TCP/UDP ports
D. ICMP and IP
Ans: C
When packets are being processed by a hardware firewall, one of the several steps in processing the packets is an error-checking procedure that is performed in the trailer section of an IP packet. What is this called?
A. IFG
B. IPC (IP Check)
C. CRC
D. FQDN
Ans: C
Which type of firewall involves firewall software installation directly on the user’s system?
A. Third Generation
B. Residential-Grade Firewall
C. Commercial-Grade Firewall
D. Fourth Generation
Ans: B
Which of the following are the most common restrictions implemented in packet filtering firewalls?
A. All of the given options are valid
B. IP source and destination address
C. Inbound Direction
D. Outbound Direction
Ans: A
When troubleshooting the flow of packets through a firewall, a datagram is called what at the network layer of the OSI model?
A. Frames
B. Packets
C. Segments
D. Bits
Ans: B
What port do most DDoS DNS attacks occur on?
A. 161
B. 80
C. 53
D. 443
Ans: C
Which of the following firewalls makes the filtering decision based on the media access control address of the source/destination of a packet?
A. MAC layer Firewalls
B. Packet Filtering
C. Circuit Gateways
D. Application Gateways
Ans: A
ZoneAlarm is an example of which type of firewall?
A. proxy
B. IDS
C. corporate
D. personal
Ans: D
The basic concept of a SYN flooding attack lies in the design of what handshake that begins a TCP connection?
A. 4-way
B. 2-way
C. TCP
D. 3-way
Ans: D
What is it called when a packet arrives at a firewall, is analyzed, is found to belong to no existing connection, and is dropped?
A. Stateful Packet Inspection
B. Connection Oriented Inspection
C. Stateless Packet Inspection
D. Stateful Frame Inspection
Ans: A
A stateful firewall maintains which of the following?
A. bridging table
B. connection table
C. routing table
D. state table
Ans: D
What happens when a packet arrives on an interface and a route exists in the local routing table and the firewall routes the packet back out the same interface the packet arrived on?
A. Interface will get disabled due to a routing conflict
B. The Packet is allowed, but marked as low priority
C. The Packet is dropped
D. Poison reverse routing is disabled and the packet is allowed
Ans: C
What specific chip design allows firewalls to accelerate packet processing to analyze and filter packets between an untrusted and trusted network?
A. MIPS
B. Intel X86
C. RISC
D. ASIC
Ans: D
What technology is used on firewalls that process stateful packet inspections at the hardware level and as close to the line rate as possible?
A. ACL
B. ASIC
C. Intel
D. SPI
Ans: B
True/False: Application proxy firewalls are faster than Stateful Packet Inspection firewalls.
A. False
B. True
Ans: A
Which of the following firewalls has a filtering process that can be either stateful, stateless, or both?
A. Circuit Gateways
B. Application Gateways
C. Packet Filtering
D. MAC layer firewalls
Ans: C
What device should be the front-line defense in your network?
A. Network Layer Firewalls
B. Application Based Firewalls
C. Packet Filtering Firewalls
D. Stateful Packet Inspection firewall
Ans: D
What kind of firewall is the open-source iptables firewall commonly found on Linux distros?
A. Connection oriented firewall
B. Stateful
C. Zone Based
D. Stateless
Ans: B
Which particular generation of firewalls is stateless in nature?
A. Second generation
B. Third Generation
C. Fourth Generation
D. First Generation
Ans: D
A Stateful Packet Inspection firewall maintains a “BLANK”, which is also just a list of active connections.
A. NAT Table
B. Routing Table
C. Connection Table
D. State Table
Ans: D
Ports up to “BLANK” are considered well-known ports.
A. 65536
B. 1024
C. 1023
D. 65524
Ans: C
True/False: NAT is considered a firewall technology.
A. True
B. False
Ans: B
What kind of firewall is the integrated Microsoft Windows firewall application?
A. Stateful
B. Stateless
C. Zone Based
D. Connection oriented firewall
Ans: A
A “BLANK” flowing through a firewall is another term for a packet of digital information.
A. Frame
B. Datagram
C. Data
D. Packet
Ans: B
Network-based firewalls and host-based firewalls are valid categories of which of the following firewalls?
A. Circuit Gateways
B. Hybrids
C. Application-level firewall
D. MAC layer firewalls
Ans: C
What do circuit layer Firewalls monitor?
A. Transport Handshaking
B. TCP Handshaking
C. IP Handshaking
D. UDP Handshaking
Ans: B
Which of the following is not a VALID subset of packet filtering firewalls?
A. Stateless inspection
B. Dynamic Filtering
C. Stateful inspection
D. Static filtering
Ans: A
A dynamic or Stateful Packet Inspection firewall maintains active “BLANK” sessions and “BLANK” pseudo sessions.
A. Server and Host
B. Stateful and Stateless
C. TCP and UDP
D. IP and ICMP
Ans: C
Which of the following is not a VALID processing-mode category of firewalls?
A. Proxy firewalls
B. Circuit gateways
C. Packet filtering Firewalls
D. Application gateways
Ans: A
What is a Cisco Access Control List (ACL) considered as?
A. Controlled
B. Stateful
C. Stateless
D. NAT
Ans: C
Which of the following is a mechanism designed into the operating system kernel?
A. Second generation
B. Third Generation
C. Fifth Generation
D. First Generation
Ans: C
Which of the following servers in the DMZ needs to list only a limited number of public IP addresses?
A. DNS
B. NAT
C. proxy
D. firewall
Ans: A
Which of the following is FALSE about Circuit Gateways?
A. Circuit Gateway firewalls provide a common access mechanism which is not dependent on the destination application
B. Circuit Gateway firewalls provide a unique access mechanism based on the destination application
C. Circuit gateways firewalls DO NOT look at data traffic flowing between one network and another
D. Firewall operates at the transport layer
Ans: B
Which generation firewalls are stateful inspection firewalls?
A. Second generation
B. First Generation
C. Fourth Generation
D. Third Generation
Ans: D
In an IP packet header, which of the following describes the length of the header in 32-bit words and is a 4-bit value?
A. total length
B. fragment offset
C. header checksum
D. Internet header length
Ans: D
Which of the following can have different components of the firewall for different systems?
A. dual-homed firewalls
B. packet filtering routers
C. screened subnet firewall
D. Screened Host Firewalls
Ans: D
What layer(s) does an SPI firewall generally operate at?
A. Application
B. Network
C. D and F
D. Data Link
Ans: C
Which of the following is not a valid categorization of firewalls based on structure?
A. residential grade
B. application-based
C. hardware-based
D. commercial-grade
Ans: B
What layer of the OSI model do Circuit Layer Firewalls operate at?
A. Application Layer
B. Session Layer
C. Transport Layer
D. Network Layer
Ans: B
Which of the following is not a valid categorization of firewalls based on processing mode?
A. Application filtering
B. Packet filtering Firewalls
C. Application gateway
D. Circuit gateway
Ans: A
Which level of proxy provides protection at the session layer of OSI?
A. circuit
B. application
C. server
D. proxy
Ans: A
Which of the following is an INVALID common architectural implementation of firewall?
A. packet filtering routers
B. Dynamic Filtering
C. dual-homed firewalls
D. screened host firewalls
Ans: B
Which of the following hosts is sometimes called a dual-homed gateway or bastion host?
A. proxy
B. blocked
C. stub
D. screened
Ans: D
Which generation firewalls are either application-level firewalls or proxy servers?
A. Second generation
B. Third Generation
C. First Generation
D. Fourth Generation
Ans: A