Telecommunications and Network Security

Posted on

Questions derived from the CISSP – CISSP ISC2 Self-Test Software Practice Test.


Objective: Telecommunications and Network Security
SubObjective: Develop and maintain secure networks


Item Number: CISSP.10.3.8
Single Answer, Multiple Choice


Which type of firewall most detrimentally affects network performance?



  1. Stateful firewall
  2. Circuit-level proxy firewall
  3. Packet-filtering firewall
  4. Application-level proxy firewall


D. Application-level proxy firewall


An application-level proxy firewall most detrimentally affects network performance because it requires more processing per packet.


The packet-filtering firewall provides high performance. Stateful and circuit-level proxy firewalls, while slower than packet-filtering firewalls, offer better performance than application-level firewalls.


Kernel proxy firewalls offer better performance than application-level firewalls.


An application-level firewall creates a virtual circuit between the firewall clients. Each protocol has its own dedicated portion of the firewall that is concerned only with how to properly filter that protocol’s data. Unlike a circuit-level firewall, an application-level firewall does not examine the IP address and port of the data packet. Often, these types of firewalls are implemented as a proxy server.


A proxy-based firewall provides greater network isolation than a stateful firewall. A stateful firewall provides greater throughput and performance than a proxy-based firewall. In addition, a stateful firewall provides some dynamic rule configuration with the use of the state table.


CISSP All-in-One Exam Guide, Chapter 7: Telecommunications and Network Security, Application- and Circuit-Level Proxies, pp. 488-490.

Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|