Certified Ethical Hacker (CEH) — Question 92
During a penetration test, the tester conducts an ACK scan using NMAP against the external interface of the DMZ firewall. NMAP reports that port 80 is unfiltered.
Based on this response, which type of packet inspection is the firewall conducting?
Answer options
- A. Host
- B. Stateful
- C. Stateless
- D. Application
Correct answer: C
Explanation
The correct answer is C, as a stateless firewall does not track the state of connections and only examines the header information of packets. Since NMAP reports that port 80 is unfiltered, this suggests that the firewall is not maintaining a state table, which is characteristic of stateless filtering. The other options imply more complex inspection methods that would not lead to an unfiltered state for a port.