iSACA Cybersecurity Fundamentals Certification Practice Exam

Which is a disadvantage of a packet-filtering firewall?

• A. It can be complex to configure
• B. It can hide the network from outside intrusion
• C. It is vulnerable when filters are misconfigured
• D. It provides too much control over IP traffic

The correct answer is: It is vulnerable when filters are misconfigured

Packet-filtering firewalls are designed to allow or block traffic based on predetermined security rules. A disadvantage of these firewalls is their vulnerability when filters are misconfigured. This misconfiguration can lead to unintentional exposure of sensitive network traffic or resources, allowing unwanted access from outside sources or blocking legitimate traffic necessary for business operations. When filters are not set correctly, they might either allow harmful traffic to pass through or block legitimate traffic that users need to establish connections. This makes it crucial to have a clear understanding of the traffic patterns and security requirements of the network to ensure appropriate configurations are made. Proper management and regular audits of these rules are necessary to mitigate this vulnerability and to maintain network security. Other options present different aspects of packet-filtering firewalls, but they do not directly address a significant security flaw as misconfiguration does. For instance, while configuration complexity may be an issue, it does not inherently create security vulnerabilities unless coupled with improper management. The ability of the firewall to hide the network and control over IP traffic also does not align with the core disadvantage associated with the threat of misconfiguration.