Certified Ethical Hacker (CEH) — Question 79

Which statement is TRUE regarding network firewalls preventing Web Application attacks?

Answer options

• A. Network firewalls can prevent attacks because they can detect malicious HTTP traffic.
• B. Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.
• C. Network firewalls can prevent attacks if they are properly configured.
• D. Network firewalls cannot prevent attacks because they are too complex to configure.

Correct answer: B

Explanation

The correct answer is B, as the need to keep ports 80 and 443 open for web traffic means that firewalls cannot effectively block all possible attack vectors on those ports. Option A is incorrect because while firewalls can detect some malicious traffic, they cannot block attacks solely based on this capability. Option C is misleading since proper configuration does not change the fundamental issue of open ports, and D is incorrect as complexity does not inherently prevent firewalls from functioning effectively.