Let's eliminate some answers:
- E "Deep packet inspection operates on Layer 3 and 4" - this is totally incorrect, DPI works up to layer 7.
- D "deep packet filtering checks only TCP source and destination ports" - this is totally incorrect, DPI works up to layer 7 which is much more than source and destination ports.
- B "Stateful inspection is capable of packet data inspections, and deep packet inspection is not." - actually it is the opposite. Totally wrong answer.
Whatever you think of A and C, these are the answers they want you to select on the exam, in my opinion.
C. Malware works primarily on Application Layer.
D. I'd agree with alhamry's statement about Stateful Inspection.
C & D look much more correct in my opinion.
DPI can block malware via layer 7 (application recognition AKA NBAR2), BUT does not inspect UDP traffic. Stateful inspects only layer 4 (Network) which can tell between TCP/UDP (and 5 tuples) only.
The correct answers are D and E.
Stateful inspection firewall checks the state of the traffic (e.g. TCP state tracking) to allow or deny traffic. It tracks the state of connections and only allows traffic that is part of an established connection. This type of firewall is considered less resource-intensive compared to deep packet inspection because it only examines a limited set of fields in the packets.
Deep packet inspection (DPI) firewall examines the payload of the packets beyond the header information. DPI can analyze the content of the traffic and block traffic based on characteristics like malware, URLs, or content type. DPI operates on layer 7 of the OSI model, whereas stateful inspection operates on layer 3.
Therefore, D is correct because stateful inspection is capable of TCP state tracking, and deep packet filtering checks only TCP source and destination ports. E is correct because deep packet inspection operates on Layer 3 and 4, and stateful inspection operates on Layer 3 of the OSI model.
Option A is incorrect because stateful inspection is capable of inspecting both TCP and UDP traffic.
Option B is incorrect because both stateful inspection and deep packet inspection can inspect the content of packets.
Option C is incorrect because stateful inspection can also block malware based on inspecting packet contents and the state of the connection.
Therefore, none of these options provide accurate differences between stateful and deep packet inspection.
Deep packet inspection is capable of TCP state monitoring only, and stateful inspection can inspect TCP and UDP.
C. Deep packet inspection is capable of malware blocking, and stateful inspection is not.
ImGonnaPassIt, 1 month ago
RoBery, 6 months, 1 week ago
sheyshey, 7 months, 2 weeks ago
SecurityGuy, 11 months ago
sheyshey, 7 months, 2 weeks ago
Isuckatexams, 1 year, 1 month ago
alhamry, 1 year, 2 months ago
alhamry, 1 year, 2 months ago
mozaki, 1 year, 4 months ago
genadieff, 1 year, 8 months ago
trigger4848, 1 year, 8 months ago
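An added example, not part of any comment above, showing the two mechanisms the thread debates side by side: a filter that decides from header fields and tracked connection state, and a payload scan at layer 7. The packet model, addresses and signature string are constructed, and the state tracking is simplified to "outbound flow seen" rather than a full TCP state machine.

```python
from collections import namedtuple

# Constructed packet model: header fields plus an application payload.
Packet = namedtuple("Packet", "src dst sport dport proto flags payload")

SIGNATURES = [b"EXAMPLE-MALWARE-SIGNATURE"]  # constructed placeholder pattern


class StatefulFilter:
    """Tracks flows by 5-tuple; decisions use headers only, never payload."""

    def __init__(self, inside_prefix):
        self.inside_prefix = inside_prefix
        self.flows = set()

    def allow(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        if pkt.src.startswith(self.inside_prefix):
            # Outbound: TCP must open with SYN; UDP is tracked by 5-tuple alone.
            if pkt.proto == "udp" or "S" in pkt.flags or key in self.flows:
                self.flows.add(key)
                return True
            return False
        # Inbound: allowed only as the reverse of a flow already seen outbound.
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return reverse in self.flows


def dpi_verdict(pkt):
    """Layer 7 check: scan the payload for known byte patterns."""
    return "block" if any(sig in pkt.payload for sig in SIGNATURES) else "pass"


def demo():
    fw = StatefulFilter("10.0.0.")
    syn = Packet("10.0.0.5", "203.0.113.9", 40000, 80, "tcp", "S", b"")
    reply = Packet("203.0.113.9", "10.0.0.5", 80, 40000, "tcp", "A",
                   b"HTTP/1.1 200 OK\r\n\r\nEXAMPLE-MALWARE-SIGNATURE")
    unsolicited = Packet("198.51.100.7", "10.0.0.5", 80, 40001, "tcp", "A", b"hi")
    dns_q = Packet("10.0.0.5", "203.0.113.53", 5353, 53, "udp", "", b"query")
    dns_r = Packet("203.0.113.53", "10.0.0.5", 53, 5353, "udp", "", b"answer")
    return {
        "syn": fw.allow(syn),
        "reply_stateful": fw.allow(reply),   # headers match an open flow
        "reply_dpi": dpi_verdict(reply),     # payload carries the pattern
        "unsolicited": fw.allow(unsolicited),
        "udp": (fw.allow(dns_q), fw.allow(dns_r)),
    }
```

The reply packet is the interesting case: the header-only filter admits it because it belongs to a tracked flow, while the payload scan flags it.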