Questions derived from the CISSP – CISSP ISC2 Self-Test Software Practice Test. Objective: Telecommunications and Network SecuritySubObjective: Develop and maintain secure networks Item Number: CISSP.10.3.8 Single Answer, Multiple Choice Which type of firewall most detrimentally affects network performance? Stateful firewall Circuit-level proxy firewall Packet-filtering firewall Application-level proxy firewall Answer:D. Application-level proxy firewall Tutorial:An application-level proxy firewall most detrimentally affects network performance because it requires more processing per packet. The packet-filtering firewall provides high performance. Stateful and circuit-level proxy firewalls, while slower than packet-filtering firewalls, offer better performance than application-level firewalls. Kernel proxy firewalls offer better performance than application-level firewalls. An application-level firewall creates a virtual circuit between the firewall clients. Each protocol has its own dedicated portion of the firewall that is concerned only with how to properly filter that protocol's data. Unlike a circuit-level firewall, an application-level firewall does not examine the IP address and port of the data packet. Often, these types of firewalls are implemented as a proxy server. A proxy-based firewall provides greater network isolation than a stateful firewall. A stateful firewall provides greater throughput and performance than a proxy-based firewall. In addition, a stateful firewall provides some dynamic rule configuration with the use of the state table. Reference:CISSP All-in-One Exam Guide, Chapter 7: Telecommunications and Network Security, Application- and Circuit-Level Proxies, pp. 488-490.
Please log in or subscribe to read this article