Comptia Security Plus Mock Test Q75

An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:

A. stateful firewall
B. packet-filtering firewall
C. NIPS
D. NAT

Correct Answer: D
Section: Network Security

Explanation:
NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system’s request.

Incorrect Answers:
A: A stateful inspection firewall is aware that any valid outbound communication will trigger a corresponding response or reply from the external entity.

B: A packet filter firewall filters traffic based on basic identification items found in a network packet’s header. These items include source and destination address, port numbers, and
protocols used.

C: Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.

References:
http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 6, 39