EC-Council

312-50V11 Question #489: Real Exam Question with Answer & Explanation

The correct answer is A: Stateful. A stateful firewall tracks the full state of active TCP connections, allowing legitimate HTTP sessions while blocking traffic like IRC that does not match an established, permitted connection state.

Evading IDS, Firewalls, and Honeypots

Question

While doing a black-box pen test via TCP port 80, you noticed that the traffic gets blocked when you tried to pass IRC traffic from a web-enabled host. However, you also noticed that outbound HTTP traffic is being allowed. What type of firewall is being utilized for the outbound traffic?

Options

  • A. Stateful
  • B. Application
  • C. Circuit
  • D. Packet Filtering

Explanation

A stateful firewall tracks the full state of active TCP connections, allowing legitimate HTTP sessions while blocking traffic like IRC that does not match an established, permitted connection state.

Common mistakes.

  • B. An application-layer firewall performs deep packet inspection at Layer 7, but the scenario describes stateful connection tracking rather than full protocol content analysis.
  • C. A circuit-level gateway operates at the session layer and validates TCP handshakes, but does not track ongoing connection states to differentiate traffic types on the same port.
  • D. A packet-filtering firewall only inspects individual packets based on IP and port rules and has no connection state awareness, so it would allow both HTTP and IRC on port 80 without distinguishing them.

Concept tested. Stateful firewall connection tracking and traffic inspection

Reference. https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confirewall.html

Topics

#stateful firewall  #traffic inspection  #packet filtering  #firewall types
