Certified Ethical Hacker (CEH v10) — Question 169
A penetration test was done at a company. After the test, a report was written and given to the company's IT authorities. A section from the report is shown below:
- Access lists should be written between VLANs.
- Port security should be enabled for the intranet.
- A security solution which filters data packets should be set between the intranet (LAN) and the DMZ.
- A WAF should be used in front of the web applications.
According to this section of the report, which of the following choices is true?
Answer options
- A. A stateful firewall can be used between intranet (LAN) and DMZ.
- B. There is access control policy between VLANs.
- C. MAC Spoof attacks cannot be performed.
- D. Possibility of SQL Injection attack is eliminated.
Correct answer: A
Explanation
The correct answer is A because a stateful firewall tracks the state of active connections and can filter traffic between the intranet (LAN) and the DMZ, which is exactly the packet-filtering control the report recommends. Option B is incorrect because the report makes a recommendation; it does not confirm that an access control policy between VLANs already exists. Option C is inaccurate because port security is only recommended, not yet deployed, and MAC spoofing remains possible until such controls are actually in place. Option D is misleading: a WAF can mitigate SQL injection attacks, but it does not guarantee their complete elimination.