nerdexam
EC-Council

312-50V11 · Question #489

While doing a Black box pen test via the TCP port (80), you noticed that the traffic gets blocked when you tried to pass IRC traffic from a web enabled host. However, you also noticed that outbound HT

The correct answer is A. Stateful. A stateful firewall tracks the full state of active TCP connections, allowing legitimate HTTP sessions while blocking traffic like IRC that does not match an established, permitted connection state.

Evading IDS, Firewalls, and Honeypots

Question

While doing a Black box pen test via the TCP port (80), you noticed that the traffic gets blocked when you tried to pass IRC traffic from a web enabled host. However, you also noticed that outbound HTTP traffic is being allowed. What type of firewall is being utilized for the outbound traffic?

Options

  • AStateful
  • BApplication
  • CCircuit
  • DPacket Filtering

How the community answered

(32 responses)
  • A
    78% (25)
  • B
    13% (4)
  • C
    3% (1)
  • D
    6% (2)

Why each option

A stateful firewall tracks the full state of active TCP connections, allowing legitimate HTTP sessions while blocking traffic like IRC that does not match an established, permitted connection state.

AStatefulCorrect

A stateful firewall maintains a state table that records the state of all active network connections, including TCP handshake stages. When outbound HTTP traffic on port 80 initiates a valid TCP session, the stateful firewall permits it and tracks it in the state table. IRC traffic attempting to use the same port would not match an expected HTTP session state and is blocked because it violates the tracked connection context.

BApplication

An application-layer firewall performs deep packet inspection at Layer 7, but the scenario describes stateful connection tracking rather than full protocol content analysis.

CCircuit

A circuit-level gateway operates at the session layer and validates TCP handshakes, but does not track ongoing connection states to differentiate traffic types on the same port.

DPacket Filtering

A packet-filtering firewall only inspects individual packets based on IP and port rules and has no connection state awareness, so it would allow both HTTP and IRC on port 80 without distinguishing them.

Concept tested: Stateful firewall connection tracking and traffic inspection

Source: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confirewall.html

Topics

#stateful firewall#traffic inspection#packet filtering#firewall types

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice