Exam 312-50v11 topic 1 question 22 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 22
Topic #: 1

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

  • A. Circuit
  • B. Stateful
  • C. Application
  • D. Packet Filtering
Suggested Answer: B 🗳️

Comments

americaman80
Highly Voted 3 years ago
Answer is C. An application firewall is an enhanced firewall that limits access by applications to the operating system (OS) of a computer. Conventional firewalls merely control the flow of data to and from the central processing unit (CPU), examining each packet and determining whether or not to forward it toward a particular destination. An application firewall offers additional protection by controlling the execution of files or the handling of data by specific applications. References: http://searchsoftwarequality.techtarget.com/definition/application-firewall
upvoted 22 times
...
Dpsypher
Highly Voted 2 years, 3 months ago
Pay attention to the question, not the distraction that comes before it. The question is: What type of firewall is inspecting outbound traffic? The answer is B. If inbound = no and outbound = yes, it is a stateful inspection.
upvoted 19 times
...
SMDRK
Most Recent 3 months, 3 weeks ago
The correct answer could also be B. Stateful, as stateful firewalls can be configured to allow or block traffic based on the state information of connections. Stateful firewalls, however, typically operate at the network layer and may not inspect the application layer content as deeply as application layer firewalls do. The distinction between stateful and application layer firewalls may depend on the specific features and configuration of the firewall in use.
upvoted 1 times
...
sudowhoami
5 months, 2 weeks ago
Selected Answer: C
Application Firewall
upvoted 1 times
...
Vincent_Lu
7 months, 2 weeks ago
Selected Answer: C
In this scenario, the blocked IRC traffic from the compromised web-enabled host suggests that the firewall is inspecting the application-layer protocol of outbound traffic. However, outbound HTTP traffic is unrestricted.
upvoted 1 times
...
brubrain
7 months, 3 weeks ago
Selected Answer: C
Answer is C
upvoted 1 times
...
ostorgaf
7 months, 4 weeks ago
Selected Answer: C
In this scenario, the type of firewall that is inspecting outbound traffic and blocking IRC traffic over port 80/TCP is likely an Application Firewall. An Application Firewall, also known as an Application Layer Firewall or Proxy Firewall, operates at the application layer of the OSI model. It is designed to analyze the traffic based on the specific protocols and applications being used. In this case, the firewall is detecting that the traffic over port 80/TCP is attempting to pass IRC traffic, which is against the intended use of HTTP (web traffic). The firewall identifies the application and its behavior and makes decisions on whether to allow or block the traffic.
upvoted 1 times
...
Cizzla7049
8 months, 1 week ago
Selected Answer: B
Stateful inspection - reviews traffic before deciding action. Can't believe how many ppl voted application.
upvoted 3 times
...
Benignhack
8 months, 1 week ago
Selected Answer: C
C, Application firewall, takes decision based on app-ID
upvoted 1 times
...
felipe159
11 months ago
The answer is Stateful Inspection.
upvoted 1 times
...
adminofexamtopics
11 months, 3 weeks ago
D. Packet filtering firewall: Operates at the network layer (Layer 3) of the OSI model and can filter traffic based on source and destination IP addresses, port numbers, and protocols. It does not inspect the contents of the packets beyond the basic header information. In the given scenario, the firewall is allowing outbound HTTP traffic over port 80/TCP while blocking IRC traffic, which also uses port 80/TCP. Since the firewall is not inspecting the contents of the packets beyond the basic header information, it cannot differentiate between IRC and HTTP traffic on the same port. Therefore, it is likely that the firewall is a Packet Filtering firewall and this is the correct answer.
upvoted 2 times
...
victorfs
11 months, 3 weeks ago
Selected Answer: B
According to the EC-Council study material for the CEH (Certified Ethical Hacker) certification, the correct answer to the question would be B. Stateful firewall. In the study material, it is stated that a stateful firewall is able to inspect traffic at the connection level and make filtering decisions based on the state of the connection, which could explain why IRC traffic was blocked while HTTP traffic went unrestricted. It is worth mentioning that, in practice, the term "application firewall" is often used more specifically to refer to a firewall capable of inspecting application-level traffic, as explained above. However, in the context of the question in the CEH exam, the acceptable and expected answer is B. Stateful firewall.
upvoted 6 times
...
sTaTiK
1 year ago
Selected Answer: C
It's C. Port 80 is HTTP; layer 7 firewalls are used at web services.
upvoted 1 times
...
qovert
1 year ago
An application firewall inspects outbound traffic at the application layer and can differentiate between different types of traffic, even if they are using the same port. In this case, the firewall is able to identify and block IRC traffic on port 80/TCP while still allowing HTTP traffic to pass through.
upvoted 1 times
...
Chamod_Ridmal
1 year, 1 month ago
Selected Answer: C
Based on the information provided, it is likely that the firewall inspecting outbound traffic is an application layer firewall (also known as a proxy firewall). Application layer firewalls operate at the application layer of the OSI model and inspect traffic at a deeper level than traditional packet-filtering firewalls. They can examine the contents of the traffic and enforce more granular rules based on the specific application protocol being used. In this scenario, it appears that the firewall is inspecting the outbound HTTP traffic and allowing it to pass through while blocking the IRC traffic over port 80/TCP. This could indicate that the firewall is configured to allow only HTTP traffic over port 80/TCP and is blocking all other traffic, including IRC traffic. It is worth noting that this is just one possible explanation for the observed behavior, and there could be other factors at play. A more thorough analysis of the firewall's configuration and behavior would be needed to provide a definitive answer.
upvoted 1 times
...
guspukeydo
1 year, 1 month ago
C is correct
upvoted 1 times
...
Flav_man
1 year, 1 month ago
Selected Answer: C
It's able to distinguish different application traffic on the same port
upvoted 1 times
...
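The thread turns on what each firewall type can actually see on an outbound TCP/80 connection. The following is an added example, not part of any comment or of the exam material: simplified models of a packet filter, a connection-tracking stateful firewall and an application-layer firewall, run against one HTTP and one IRC first payload. The addresses, ports, payloads and rule logic are constructed for illustration, and the stateful model here tracks connection state only.

```python
import re

# Constructed first payloads a client might send on an outbound TCP/80 connection.
HTTP_PAYLOAD = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
IRC_PAYLOAD = b"NICK tester\r\nUSER tester 0 * :Test User\r\n"

HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n"
)

def packet_filter(pkt):
    """Stateless: decides per packet on header fields only."""
    return pkt["proto"] == "tcp" and pkt["dport"] == 80

class StatefulFirewall:
    """Tracks connections; admits packets that open or belong to an allowed flow."""
    def __init__(self):
        self.table = set()

    def allow(self, pkt):
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if pkt["flags"] == "SYN":
            if pkt["proto"] == "tcp" and pkt["dport"] == 80:
                self.table.add(flow)  # remember the new outbound connection
                return True
            return False
        return flow in self.table  # non-SYN must match a tracked connection

def application_firewall(pkt):
    """Layer 7: a port 80 data payload must parse as an HTTP/1.x request line."""
    if not packet_filter(pkt):
        return False
    return bool(HTTP_REQUEST_LINE.match(pkt["payload"]))

def evaluate(payload):
    """Run one connection's first data packet through all three models."""
    base = {"proto": "tcp", "src": "10.0.0.5", "sport": 40000,
            "dst": "203.0.113.10", "dport": 80}
    syn = dict(base, flags="SYN", payload=b"")
    data = dict(base, flags="PSH", payload=payload)
    sf = StatefulFirewall()
    sf.allow(syn)  # handshake is seen first, creating the state entry
    return {
        "packet_filter": packet_filter(data),
        "stateful": sf.allow(data),
        "application": application_firewall(data),
    }
```

Calling `evaluate(HTTP_PAYLOAD)` and `evaluate(IRC_PAYLOAD)` returns the per-model allow decision for each payload, so the two results can be compared side by side.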