Check Point Certified Security Administrator (CCSA) Practice Exam

Regarding stateful inspection and proxies, which statement is correct?

• A. Stateful Inspection is limited to Layer 3 visibility, with no Layer 4 to Layer 7 visibility capabilities.
• B. Proxies were significantly faster than stateful inspection firewalls.
• C. Proxies offer far more security because of being able to give visibility of the payload.
• D. Stateful inspection was significantly faster than proxies.

The correct answer is: Stateful inspection was significantly faster than proxies.

Stateful inspection is a technology used in firewalls that tracks the state of active connections and makes decisions based on the context of the traffic (like connection state and protocol). It operates at multiple layers, primarily Layer 3 (Network) and Layer 4 (Transport), allowing it to understand the state and attributes of connections. One of the key advantages of stateful inspection is its efficiency in processing traffic. It can quickly determine whether packets are part of an established connection or are new requests. This results in faster handling of legitimate traffic compared to proxy firewalls, which must analyze the entire payload of each packet and establish new connections, as they act as intermediaries. Proxy firewalls, while providing deep packet inspection and potentially more granular control by examining higher layers (including Layer 7), introduce more latency due to the overhead of processing packets in their entirety. This can slow down traffic compared to stateful inspection, which can expedite throughput through efficient tracking and state management. Therefore, stating that stateful inspection was significantly faster than proxies accurately reflects the performance characteristics of these two firewall types in terms of handling traffic.