Certified Ethical Hacker (CEH v10) — Question 171

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound
HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

Answer options

• A. Circuit
• B. Stateful
• C. Application
• D. Packet Filtering

Correct answer: C

Explanation

The correct answer is C, Application, because it inspects the data at the application layer and can block specific types of traffic like IRC while allowing HTTP. Circuit and Packet Filtering firewalls operate at lower levels and are not capable of such detailed inspection. Stateful firewalls track the state of active connections but do not inspect the application layer content as thoroughly as application firewalls do.