Which statement reflects a limitation of firewalls?

• A. They cannot prevent backdoor attacks
• B. They cannot be configured
• C. They always encrypt traffic
• D. They excel at malware removal

Answer: (A)

Firewalls control traffic at the network boundary, but they have blind spots that limit their ability to stop backdoors. A backdoor is a covert channel established on a compromised host, often after the initial breach, that allows an attacker to issue commands or exfiltrate data from inside the network. Because the traffic may use common protocols or encrypted channels, the firewall can struggle to see what’s really happening or may be unable to inspect the payload without intrusive SSL/TLS interception, which isn’t always feasible or desirable. Even if the firewall blocks external access, the attacker already inside the network can use legitimate services to communicate, which the firewall may not block. Detecting and stopping backdoors requires host-based security, anomaly detection, and behavior-focused protections in addition to perimeter controls.