Certified Ethical Hacker (CEH v11) — Question 2

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound
HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

Answer options

• A. Circuit
• B. Stateful
• C. Application
• D. Packet Filtering

Correct answer: C

Explanation

The correct answer is C, Application, because it inspects the data payload of traffic, allowing only certain types of traffic like HTTP while blocking others such as IRC. The other types of firewalls, like Circuit and Packet Filtering, do not analyze the application layer data, which is why they would not block IRC traffic specifically while allowing HTTP.