Chapter 66 · Quiz

Firewall Types Quiz

10 questions covering traditional firewalls, UTM, NGFW, WAF, deep packet inspection, and firewall selection scenarios.

Question 1 of 6
An organization's security policy requires that employees can view YouTube but cannot upload videos, and can read Twitter but cannot post. The current perimeter firewall allows all outbound HTTPS (port 443) traffic. Which firewall type is required to enforce these application-specific restrictions?
Question 2 of 6
A traditional network-based firewall operating at OSI Layer 4 makes forwarding decisions based on which of the following? (Select the BEST answer.)
Question 3 of 6
A payment processing company is required by PCI DSS to protect its web-based checkout application from SQL injection and cross-site scripting attacks. Which security device specifically addresses this requirement?
Question 4 of 6
Which of the following is a defining characteristic of a Unified Threat Management (UTM) appliance compared to a dedicated Next-Generation Firewall?
Question 5 of 6
An NGFW can block a known SQL Server vulnerability exploit even when the SQL Server traffic is using a non-standard port. Which NGFW capability enables this?
Question 6 of 6
An organization deploys a security device that is positioned as a reverse proxy in front of its web server. It logs entries showing "SQL Injection in Parameter — BLOCKED" and "XSS attempt — BLOCKED" for inbound HTTP requests. Which type of device is generating these logs?

Matching

Match each description to the firewall type it best represents.

1. Inspects HTTP/HTTPS input and blocks SQL injection, XSS, and path traversal attacks — deployed as a reverse proxy in front of web servers; required by PCI DSS for cardholder data environments
2. Bundles firewall, IDS/IPS, URL filtering, malware scanning, spam filtering, VPN endpoint, and bandwidth shaping into a single all-in-one appliance — designed for simplified management, primarily Layer 4 operation
3. Performs deep packet inspection at Layer 7 to identify the actual application regardless of port number — can distinguish YouTube viewing from YouTube uploading on the same port; integrates IPS and URL categorization
4. Makes forwarding decisions based on OSI Layer 3–4 headers (IP address and port number) — does not inspect packet payload; includes NAT and site-to-site VPN functionality
A. WAF
B. UTM
C. NGFW
D. Traditional Firewall