Connection State — CompTIA PenTest+ (PT0-002) Practice Questions
Connection state refers to whether a network device or firewall tracks the status of active TCP sessions to make forwarding and filtering decisions, which is the basis of stateful packet inspection. On the PT0-002 exam, understanding connection state is important for explaining why certain port scan techniques (such as sending packets with unexpected flag combinations) can bypass stateless access control lists but not stateful firewalls. Stateful firewalls allow return traffic for established connections while blocking unsolicited inbound packets, and testers must account for this behavior when planning scans and exploitation attempts. The exam may present scenarios where the tester must choose scan techniques or evasion strategies based on whether stateful inspection is in place.
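The difference described above can be seen in a small simulation, added here as an illustration and not part of the original study material. The packet fields, the addresses (documentation ranges) and the simplified rules are assumptions: the stateless rule passes any inbound segment with ACK or RST set, in the style of an "established" ACL match, while the stateful filter tracks only the address and port 4-tuple, not full TCP state or sequence numbers.

```python
# Added teaching example: a toy stateless ACL vs. a toy stateful filter.
# All packets below are constructed sample data, not captured traffic.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags inbound")

def stateless_allows(pkt):
    """Stateless rule: inbound segments pass if ACK or RST is set.
    Only the flags of this one packet are examined; no session table exists."""
    if not pkt.inbound:
        return True
    return bool({"ACK", "RST"} & set(pkt.flags))

class StatefulFilter:
    """Records sessions opened from the inside; inbound traffic must match one."""
    def __init__(self):
        self.sessions = set()

    def allows(self, pkt):
        if not pkt.inbound:
            if pkt.flags == ("SYN",):
                # Store the tuple as it will appear on the return path.
                self.sessions.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.sessions

def compare(packets):
    """Return (stateless_verdict, stateful_verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allows(p), fw.allows(p)) for p in packets]

SAMPLE = [
    # Inside host opens a session to an outside server.
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, ("SYN",), False),
    # Legitimate return traffic for that session.
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, ("SYN", "ACK"), True),
    # Unsolicited ACK with no matching session.
    Packet("198.51.100.7", 50000, "10.0.0.5", 22, ("ACK",), True),
    # Unsolicited SYN with no matching session.
    Packet("198.51.100.7", 50001, "10.0.0.5", 22, ("SYN",), True),
]

if __name__ == "__main__":
    for p, (acl, fw) in zip(SAMPLE, compare(SAMPLE)):
        direction = "inbound" if p.inbound else "outbound"
        print(f"{direction:8} {'+'.join(p.flags):8} stateless={acl} stateful={fw}")
```

The third packet is the case the exam scenarios turn on: the stateless rule passes it because the ACK flag is set, while the stateful filter drops it because no session was ever recorded for that 4-tuple.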