cisco · 210-260 · Q425 · multiple_response · topic_1

Which two statements about stateless firewalls are true? (Choose two.)

A.They compare the 5-tuple of each incoming packet against configurable rules.
B.They cannot track connections.
C.They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS.
D.Cisco IOS cannot implement them because the platform is stateful by nature.
E.The Cisco ASA is implicitly stateless because it blocks all traffic by default.

Explanation

However, since iptables and Netfilter were introduced and connection tracking in particular, this option was gotten rid of. The reason for this is that connection tracking can not work properly without defragmenting packets, and hence defragmenting has been incorporated into conntrack and is carried out automatically. It can not be turned off, except by turning off connection tracking. Defragmentation is always carried out if connection tracking is turned on. Reference: http://www.iptables.info/en/connection-state.html

Reference: examtopics_answer_description

Practice with progress tracking

Start tracked practice Pricing