What does a firewall inspect to decide whether to allow packets into an organization?

• A. Source IP addresses only
• B. Destination IP addresses only
• C. Transport layer port numbers and application layer headers
• D. Data payload length only

Answer: (C)

Firewalls decide what to allow by identifying the service being requested and applying policy to that service, not just by routing information. The transport layer port numbers indicate which service is being accessed (for example, HTTP on port 80 or HTTPS on port 443), and many modern firewalls go further by inspecting application-layer headers to understand the actual application protocol and enforce rules specific to that application. This combination lets the firewall distinguish allowed traffic from blocked traffic more accurately than simply checking IP addresses or other single factors. Checking only IPs would blur different services behind the same host, and looking at payload length provides no meaningful policy information. Therefore, evaluating both port numbers and application-layer headers best captures how a firewall makes access decisions.