During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?
Answer is C. An application firewall is an enhanced firewall that limits access by applications to the operating system (OS) of a computer. Conventional firewalls merely control the flow of data to and from the central processing unit (CPU), examining each packet and determining whether or not to forward it toward a particular destination. An application firewall offers additional protection by controlling the execution of files or the handling of data by specific applications.
References: http://searchsoftwarequality.techtarget.com/definition/application-firewall
Pay attention to the question, not the distraction that comes before it. The question is:
What type of firewall is inspecting outbound traffic?
The answer is B. If inbound = no and outbound = yes, it is a stateful inspection.
The correct answer could also be B. Stateful, as stateful firewalls can be configured to allow or block traffic based on the state information of connections. Stateful firewalls, however, typically operate at the network layer and may not inspect the application layer content as deeply as application layer firewalls do. The distinction between stateful and application layer firewalls may depend on the specific features and configuration of the firewall in use.
In this scenario, the blocked IRC traffic from the compromised web-enabled host suggests that the firewall is inspecting the application-layer protocol of outbound traffic. However, outbound HTTP traffic is unrestricted.
In this scenario, the type of firewall that is inspecting outbound traffic and blocking IRC traffic over port 80/TCP is likely an Application Firewall.
An Application Firewall, also known as an Application Layer Firewall or Proxy Firewall, operates at the application layer of the OSI model. It is designed to analyze the traffic based on the specific protocols and applications being used. In this case, the firewall is detecting that the traffic over port 80/TCP is attempting to pass IRC traffic, which is against the intended use of HTTP (web traffic). The firewall identifies the application and its behavior and makes decisions on whether to allow or block the traffic.
D. Packet filtering firewall:
Operates at the network layer (Layer 3) of the OSI model and can filter traffic based on source and destination IP addresses, port numbers, and protocols.
It does not inspect the contents of the packets beyond the basic header information.
In the given scenario, the firewall is allowing outbound HTTP traffic over port 80/TCP while blocking IRC traffic, which also uses port 80/TCP.
Since the firewall is not inspecting the contents of the packets beyond the basic header information, it cannot differentiate between IRC and HTTP traffic on the same port.
Therefore, it is likely that the firewall is a Packet Filtering firewall and this is the correct answer.
According to the EC-Council study material for the CEH (Certified Ethical Hacker) certification, the correct answer to the question would be B. Stateful firewall.
In the study material, it is stated that a stateful firewall is able to inspect traffic at the connection level and make filtering decisions based on the state of the connection, which could explain why IRC traffic was blocked while HTTP traffic went unrestricted.
It is worth mentioning that, in practice, the term "application firewall" is often used more specifically to refer to a firewall capable of inspecting application-level traffic, as explained above.
However, in the context of the question in the CEH exam, the acceptable and expected answer is B. Stateful firewall.
An application firewall inspects outbound traffic at the application layer and can differentiate between different types of traffic, even if they are using the same port. In this case, the firewall is able to identify and block IRC traffic on port 80/TCP while still allowing HTTP traffic to pass through.
Based on the information provided, it is likely that the firewall inspecting outbound traffic is an application layer firewall (also known as a proxy firewall).
Application layer firewalls operate at the application layer of the OSI model and inspect traffic at a deeper level than traditional packet-filtering firewalls. They can examine the contents of the traffic and enforce more granular rules based on the specific application protocol being used.
In this scenario, it appears that the firewall is inspecting the outbound HTTP traffic and allowing it to pass through while blocking the IRC traffic over port 80/TCP. This could indicate that the firewall is configured to allow only HTTP traffic over port 80/TCP and is blocking all other traffic, including IRC traffic.
It is worth noting that this is just one possible explanation for the observed behavior, and there could be other factors at play. A more thorough analysis of the firewall's configuration and behavior would be needed to provide a definitive answer.
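The three firewall models debated in this thread, applied to the scenario in the question, as an added example that is not part of the question or of any comment. It is a simplified model: the addresses, payloads, and all function and class names are constructed for illustration, and real products combine these techniques.

```python
import re

# Start of an HTTP/1.x request: METHOD SP target SP HTTP/1.x CRLF
HTTP_REQUEST = re.compile(
    rb"^(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")

def packet_filter(flow):
    """Header-only rule: permit outbound TCP to destination port 80."""
    return flow["proto"] == "tcp" and flow["dst_port"] == 80

class StatefulFirewall:
    """Adds connection tracking: data is accepted only on a tracked connection."""
    def __init__(self):
        self.connections = set()

    def allow(self, flow, syn):
        key = (flow["src"], flow["src_port"], flow["dst"], flow["dst_port"])
        if syn:                      # new connection: apply the header rule
            if packet_filter(flow):
                self.connections.add(key)
                return True
            return False
        return key in self.connections   # later segments: state lookup only

def application_firewall(flow):
    """Permits port 80 only if the first client payload parses as HTTP."""
    return packet_filter(flow) and bool(HTTP_REQUEST.match(flow["payload"]))

def verdicts(flow):
    """Run one outbound flow (SYN, then first payload) through all three models."""
    stateful = StatefulFirewall()
    tracked = stateful.allow(flow, syn=True) and stateful.allow(flow, syn=False)
    return {"packet_filter": packet_filter(flow),
            "stateful": tracked,
            "application": application_firewall(flow)}

# Constructed sample flows from the same internal host to port 80/TCP.
BASE = {"src": "10.0.0.5", "dst": "203.0.113.10", "dst_port": 80, "proto": "tcp"}
HTTP_FLOW = dict(BASE, src_port=49152,
                 payload=b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
IRC_FLOW = dict(BASE, src_port=49153,
                payload=b"NICK tester\r\nUSER tester 0 * :tester\r\n")

if __name__ == "__main__":
    for name, flow in (("HTTP", HTTP_FLOW), ("IRC", IRC_FLOW)):
        print(name, verdicts(flow))
```

In this model only the payload check produces different verdicts for the two flows, because their headers and connection state look the same apart from the source port.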