CNS_Questions(unit-7)

The document contains a series of questions and answers about firewalls, covering topics such as their purpose, types, configurations, and security features. It includes both 1-mark and 5-mark questions, detailing concepts like packet-filtering firewalls, stateful inspection, DMZs, and bastion hosts. The content serves as a comprehensive guide for understanding firewall technology and its applications in network security.

Uploaded by

spider69
✅ 1-Mark Questions with Answers (30)

1. Q: What is the primary purpose of a firewall?
A: To control incoming and outgoing network traffic based on security rules.
2. Q: Name any one type of firewall.
A: Packet filtering firewall.
3. Q: What does DMZ stand for in networking?
A: Demilitarized Zone.
4. Q: Which layer does a packet-filtering firewall operate on?
A: Network layer.
5. Q: True or False: A firewall can prevent all cyber attacks.
A: False.
6. Q: What kind of firewall inspects the state of active connections?
A: Stateful inspection firewall.
7. Q: What does NAT stand for?
A: Network Address Translation.
8. Q: Which firewall type operates at the application layer?
A: Application-level gateway.
9. Q: What is one example of a firewall configuration?
A: Screened subnet configuration.
10. Q: Can a firewall block outgoing traffic?
A: Yes.
11. Q: What is a bastion host?
A: A specially secured host in a DMZ network.
12. Q: Name a common open-source firewall.
A: pfSense.
13. Q: What is a dual-homed host?
A: A system with two network interfaces used in firewall configurations.
14. Q: Does a packet-filtering firewall examine payload data?
A: No.
15. Q: Which firewall type offers deep packet inspection?
A: Next-generation firewall.
16. Q: What is the default policy in a firewall?
A: The action taken when no rule matches a packet.
17. Q: What kind of firewall uses proxies to mediate connections?
A: Application gateway firewall.
18. Q: In which configuration is the DMZ located between two firewalls?
A: Screened subnet.
19. Q: What is a common protocol blocked by firewalls?
A: Telnet.
20. Q: Which firewall device integrates antivirus and intrusion prevention?
A: Unified Threat Management (UTM) device.
21. Q: What is a screening router used for in firewall setups?
A: Basic packet filtering.
22. Q: True or False: Firewalls can prevent phishing attacks.
A: False.
23. Q: What is the role of firewall rules?
A: To define traffic filtering criteria.
24. Q: What is an example of a default-deny firewall rule?
A: Block all unless explicitly allowed.
25. Q: Can a firewall protect against internal threats?
A: Partially, depending on configuration.
26. Q: Name a limitation of packet-filtering firewalls.
A: Cannot inspect application data.
27. Q: What’s a hybrid firewall?
A: Combines multiple types of firewalls.
28. Q: True or False: DMZ hosts are fully trusted.
A: False.
29. Q: Which firewall type is best suited for securing web applications?
A: Application firewall.
30. Q: What is the main benefit of using a DMZ?
A: Isolates public-facing services from internal networks.

✅ 5-Mark Questions with Answers (30)


1. Q: Define a firewall and explain its main purpose in a network.

A:
A firewall is a security system that monitors and controls incoming and outgoing network
traffic based on predefined rules. Its primary purpose is to prevent unauthorized access to or
from a private network, enforcing a barrier between a secure internal network and untrusted
external networks like the Internet.

2. Q: Explain the working of a packet-filtering firewall with an example.

A:
Packet-filtering firewalls operate at the network layer and filter traffic based on IP addresses,
ports, and protocols.
Example: A rule that blocks all incoming traffic on port 23 (Telnet) to prevent unauthorized
access. It does not inspect the data payload or keep track of connection states.

3. Q: Differentiate between stateless and stateful firewalls.

A:

| Feature | Stateless Firewall | Stateful Firewall |
|---|---|---|
| Tracks connection state | No | Yes |
| Speed | Faster | Slower |
| Security | Basic | Advanced |
| Example | Packet filter | Stateful inspection firewall |

4. Q: What is a DMZ network and what are its uses?

A:
A DMZ (Demilitarized Zone) is a physical or logical subnetwork that separates an internal
LAN from untrusted networks, usually the Internet.
Uses:

• Hosting public-facing services (web, mail servers).
• Minimizing exposure of internal systems.
• Allowing selective access without compromising internal network security.

5. Q: Describe the application-level gateway firewall and its advantages.

A:
Also known as a proxy firewall, it operates at the application layer. It filters incoming traffic
for specific applications by examining the payload.
Advantages:

• Deep packet inspection.
• Strong user authentication.
• Protection against malware in application data.

6. Q: What is a screened subnet firewall configuration?

A:
A screened subnet uses two firewalls or routers to create a DMZ between the internal and
external networks.
Benefits:

• Better segmentation.
• Enhanced security for public servers.
• Isolates the DMZ from internal systems even if compromised.

7. Q: List and explain any five features of next-generation firewalls.

A:

1. Deep packet inspection.
2. Application awareness and control.
3. Integrated intrusion prevention.
4. SSL inspection.
5. User identity integration.

NGFWs offer more contextual awareness compared to traditional firewalls.

8. Q: Compare packet-filtering firewalls and application-level firewalls.

A:

| Feature | Packet Filtering | Application Gateway |
|---|---|---|
| OSI Layer | Network | Application |
| Speed | Fast | Slower |
| Payload inspection | No | Yes |
| Complexity | Low | High |
| Security level | Basic | Advanced |

9. Q: Explain the concept of dual-homed host configuration.

A:
A dual-homed host has two network interfaces: one connected to the internal network and the
other to the external network. It acts as a firewall by routing traffic through a secure host.
Advantage: No direct connection between internal and external networks.

10. Q: What are common firewall policies and how are they enforced?

A:

• Allow: Permit specific traffic.
• Deny: Block specific traffic.
• Default-deny: Block all unless explicitly allowed.

Firewalls enforce these through rules that filter based on IPs, ports, protocols, and time schedules.

11. Q: How does a stateful inspection firewall enhance security compared to a stateless firewall?

A:
Stateful inspection firewalls track the state of active connections, unlike stateless ones.
They:

• Monitor TCP handshakes and sequence numbers.
• Allow only valid packets that are part of an established session.
• Provide protection against spoofing and session hijacking.

This reduces false positives and improves traffic control.

12. Q: Describe a typical three-legged firewall configuration.

A:
This configuration involves:

• One interface to the internal network.
• One to the external (Internet).
• One to the DMZ (for public servers).

It allows traffic segregation and granular policy enforcement between all three zones.

13. Q: What are the key components of a firewall rule?

A:
Typical rule components include:

• Source IP address
• Destination IP address
• Source/destination port
• Protocol (TCP/UDP)
• Action (Allow/Deny)
• Direction (Inbound/Outbound)

These determine which traffic is permitted or blocked.

14. Q: Explain the principle of “default deny” in firewall rule sets.

A:
In this policy, all traffic is blocked by default unless explicitly allowed by a rule. It:

• Provides maximum security.
• Forces administrators to define safe traffic precisely.
• Prevents unexpected or malicious traffic by omission.

15. Q: What are the limitations of traditional packet-filtering firewalls?

A:

• No state awareness.
• Can’t inspect application-layer data.
• Vulnerable to spoofing.
• Difficult to manage large rule sets.
• Poor user-level control.

16. Q: Define and differentiate between internal and external firewalls.

A:

• External firewall: Sits between internal network and the Internet; filters inbound/outbound traffic.
• Internal firewall: Sits between internal network segments; provides segmentation, isolates departments, or protects sensitive systems.

17. Q: What are proxy firewalls and how do they operate?

A:
Proxy firewalls intercept requests between a client and destination server.
Working:

• Client connects to the proxy.
• Proxy evaluates request.
• Forwards it on behalf of client if allowed.

This hides internal addresses and allows application-layer filtering.

18. Q: How does a firewall support intrusion detection and prevention?

A:
Modern firewalls integrate Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to:

• Detect suspicious patterns (e.g., port scanning, payload signatures).
• Block or alert on known threats.
• Log incidents for auditing and forensics.

19. Q: Discuss the role of firewalls in Virtual Private Networks (VPNs).

A:
Firewalls:

• Permit or deny VPN tunnel initiation based on IP, port, and protocol.
• Inspect and control encrypted VPN traffic (if capable).
• Terminate VPN sessions (in some UTM firewalls).
• Prevent VPN abuse by applying policies to tunneled data.

20. Q: Explain the concept of a “bastion host” and its importance in a DMZ.

A:
A bastion host is a hardened server that provides specific services to external users (e.g., web
server) while being isolated from the internal network.
Importance:

• First point of contact in DMZ.
• Closely monitored.
• Reduces risk of full network compromise if breached.

21. Q: How does NAT improve firewall functionality?

A:
Network Address Translation:

• Hides internal IPs from external users.
• Maps multiple private IPs to a single public IP.
• Acts as a basic layer of security.

Firewalls often include NAT to filter traffic and manage IP mappings.

22. Q: What are Unified Threat Management (UTM) firewalls?

A:
UTM firewalls combine multiple security functions in one device:

• Firewall
• Antivirus
• Intrusion prevention
• VPN
• Web filtering

Advantages: centralized control, ease of deployment, and cost savings.

23. Q: Discuss how a firewall handles Denial-of-Service (DoS) attacks.

A:
Firewalls mitigate DoS by:

• Rate-limiting traffic.
• Dropping malformed packets.
• Blocking IPs with excessive requests.
• Integrating with IDS/IPS for real-time detection.

They cannot fully stop large-scale DDoS attacks without external help.

24. Q: Compare host-based and network-based firewalls.

A:

| Feature | Host-based | Network-based |
|---|---|---|
| Location | On individual devices | At network perimeter |
| Scope | One machine | Multiple devices |
| Deployment | Software | Hardware/software |
| Customization | Per device | Global rules |

25. Q: What is “deep packet inspection” in firewalls?

A:
Deep Packet Inspection (DPI) analyzes the actual data part (payload) of packets, not just
headers.
Benefits:

• Detects malicious content (e.g., malware, exploits).
• Enforces content-based policies.
• Detects application misuse (e.g., tunneling in HTTP).

26. Q: Why is firewall logging important? What should be logged?

A:
Logging helps in:

• Monitoring traffic trends.
• Detecting suspicious activity.
• Conducting audits and investigations.

Logs should include: source/destination IP, port, action taken, protocol, and timestamp.

27. Q: Explain Zero Trust security and how firewalls fit into this model.

A:
Zero Trust assumes no user or system is inherently trusted. Firewalls:

• Enforce least privilege access.
• Segment network zones.
• Authenticate all connections.
• Integrate with identity and access control systems.

28. Q: Describe a scenario where a DMZ network improves security.

A:
Example: A company hosts a public web server.

• Web server is placed in DMZ.
• Internal network is separated by another firewall.
• Even if the web server is compromised, internal systems remain protected.

29. Q: What is a transparent (bridge-mode) firewall?

A:
A transparent firewall operates at layer 2, passing traffic like a switch.
Benefits:

• No IP address changes needed.
• Invisible to users.
• Used for seamless inline inspection.

30. Q: What are best practices for configuring a firewall?

A:

1. Use default-deny policy.
2. Regularly update firmware and rules.
3. Log and review traffic.
4. Minimize open ports/services.
5. Apply least privilege to firewall rules.

Q1. Explain the key differences between packet filtering firewall and
application-level gateway.

Answer:

| Feature | Packet Filtering Firewall | Application-Level Gateway (Proxy Firewall) |
|---|---|---|
| Layer of Operation | Network layer (Layer 3) | Application layer (Layer 7) |
| Filtering Criteria | IP addresses, ports, protocols | URL, user authentication, application commands |
| Inspection Depth | Shallow (header-based) | Deep (payload-based) |
| Performance | High performance, less resource usage | Slower due to deep inspection |
| Security | Basic security | Higher security with more control |
| State Awareness | Typically stateless | Can maintain session states |
| Use Case | Simple filtering needs | Secure web/email access, user control |

Packet filtering firewalls are fast and efficient but offer less security, while application-level
gateways provide more detailed inspection and control at the cost of performance.

Q2. Describe the working of a Stateful Inspection Firewall with a diagram.

Answer:

A Stateful Inspection Firewall (also called a dynamic packet filtering firewall) monitors the
state of active connections and makes decisions based on the context of traffic, rather than
individual packets.

Working:

• Maintains a state table that tracks each connection (source/destination IP, port, protocol, state).
• Only allows packets that are part of a known active session.
• Examines both header information and connection state.

Advantages:

• More secure than stateless firewalls.
• Protects against spoofing and some DoS attacks.
• Efficient handling of return traffic.

Diagram:

       +------------------+
       | External Network |
       +--------+---------+
                |
                v
    +------------------------+
    | Stateful Inspection FW |
    | - Tracks connections   |
    | - Maintains state info |
    +------------------------+
                |
                v
       +------------------+
       | Internal Network |
       +------------------+
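
The state-table behaviour described in this answer, next to the header-only, default-deny packet filter from the 5-mark section, as an added example that is not part of the original document. The addresses, the rule set and the names `Packet`, `RULES`, `stateless_decision` and `StatefulFirewall` are constructed for illustration, and TCP tracking is reduced to SYN / SYN-ACK / FIN / RST.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    flags: str = ""   # TCP flags: "S" = SYN, "SA" = SYN-ACK, "A" = ACK, "F"/"R" = FIN/RST

# Constructed rule set: (action, source net, destination net, protocol, destination port)
RULES = [
    ("deny",  "0.0.0.0/0",      "0.0.0.0/0",       "tcp", 23),   # block Telnet everywhere
    ("allow", "192.168.1.0/24", "0.0.0.0/0",       "tcp", 443),  # internal LAN -> HTTPS
    ("allow", "0.0.0.0/0",      "203.0.113.10/32", "tcp", 80),   # Internet -> DMZ web server
]

def stateless_decision(p):
    """Packet filter: headers only, first matching rule wins, default deny."""
    for action, snet, dnet, proto, dport in RULES:
        if (ip_address(p.src) in ip_network(snet)
                and ip_address(p.dst) in ip_network(dnet)
                and p.proto == proto and p.dport == dport):
            return action
    return "deny"   # no rule matched

class StatefulFirewall:
    def __init__(self):
        # state table: (src IP, src port, dst IP, dst port, protocol) -> state
        self.state = {}

    def handle(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport, p.proto)
        rev = (p.dst, p.dport, p.src, p.sport, p.proto)
        key = fwd if fwd in self.state else rev if rev in self.state else None
        if key is None:
            # Not part of a known session: only a SYN the rule set allows may open one.
            if p.flags == "S" and stateless_decision(p) == "allow":
                self.state[fwd] = "SYN_SENT"
                return "allow"
            return "deny"
        if "F" in p.flags or "R" in p.flags:
            del self.state[key]   # simplified teardown: forget the session
        elif key == rev and p.flags == "SA" and self.state[key] == "SYN_SENT":
            self.state[key] = "ESTABLISHED"
        return "allow"            # packet belongs to a tracked session
```

Return traffic is never listed in `RULES`; it is admitted only because the state table holds the session that the internal host opened.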

Q3. What is a bastion host? Explain its role in firewall configurations.

Answer:

A bastion host is a highly secured system specifically designed to withstand attacks, often
used in firewall configurations as a key defense point.

Role in Firewall Configurations:

• Acts as a gateway between trusted and untrusted networks.
• Hosts critical services (e.g., proxy, authentication server).
• Placed in the DMZ (Demilitarized Zone) or outside the internal network.
• Is hardened with minimal services and regular security patches.
• Monitored closely for suspicious activity.

Use Case Example: In a screened subnet architecture, a bastion host may serve as a proxy
server between internal users and the Internet, enforcing strict access control and logging.

Q4. Compare Single-homed, Dual-homed, and Screened-subnet firewall
architectures.

Answer:

| Architecture | Interfaces | Security Level | Description |
|---|---|---|---|
| Single-homed Bastion | 1 | Low | Simple host with firewall software connected to internal or external network |
| Dual-homed Bastion | 2 | Medium | Host with two NICs; separates internal and external networks |
| Screened Subnet | 3+ | High | Includes a DMZ with a perimeter network, internal firewall, and bastion host |

Screened Subnet Diagram (simplified):

           Internet
              |
      [Perimeter Router]
              |
    [DMZ with Bastion Host]
              |
      [Internal Firewall]
              |
       Internal Network

The screened subnet offers the best protection, allowing limited access to public services
while isolating the internal network.

Q5. Explain how a DMZ (Demilitarized Zone) enhances network security.
Provide a sample network setup.

Answer:

A DMZ is a buffer zone between the internal network and the external (Internet) that hosts
public-facing services (web, DNS, mail servers) while isolating internal resources.

Security Benefits:

• External users can access DMZ services without direct access to the internal network.
• Even if DMZ servers are compromised, internal network remains protected.
• Allows segmented monitoring and intrusion detection.

Sample DMZ Setup:

              Internet
                 |
           [Edge Router]
                 |
          +--------------+
          |   Firewall   |
          +--------------+
            /          \
        [DMZ]       [Internal Network]
     Web, Mail,     Confidential Data,
     DNS Servers    HR, Finance Systems

Conclusion: DMZ is an effective strategy in layered security to expose only necessary
services while shielding sensitive data.
