During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:

A. Dropped without sending a negative acknowledgment
B. Dropped without logs and without sending a negative acknowledgment
C. Dropped with negative acknowledgment
D. Dropped with logs and without sending a negative acknowledgment


9 thoughts on “During the Check Point Stateful Inspection Process, for packets that do not pass Firewall Kernel Inspection and are rejected by the rule definition, packets are:”

  1. From a logical point of view, it can only be A, as long as we can exclude C which I believe we can all agree on.
    Because if B or D was right, A would also be right, and there’s only one correct answer.

    Unluckily, experience has shown that logic is not applicable to this kind of exam question.

    1. Even though this argumentation is perfectly fine, it turns out we cannot agree on C being wrong.
      So if logic is applicable, it is A or C and from the other comments it seems it’s C.
      Sorry for causing any confusion.

  2. This is one of the nutritious answers that are impossible to answer without the study guide book. So here is the official statement:

    For packets that do not pass inspection and are rejected by rule definition, a negative acknowledgment (NACK) is sent (i.e. RST packet on TCP and ICMP unreachable on UDP).

    So the answer is C, without any doubt.

    1. Where is that “official statement” from?
      And also, out of common sense, why would a firewall be replying to every single dropped connection with a NACK? Exposing its own IP? If FWs are all about security?

    2. CCSE Manual Page 247.
      Inspection Process Flowchart
      5. For packets that do not pass inspection and are rejected by the rule definition, a negative
      acknowledgment (NACK) is sent (i.e. RST packet on TCP and ICMP unreachable on
      UDP).

  3. Reject action: The Firewall sends an RST packet to the originating end of the connection and the connection is closed. This means C.
