312-50V11 · Question #489
While doing a Black box pen test via the TCP port (80), you noticed that the traffic gets blocked when you tried to pass IRC traffic from a web enabled host. However, you also noticed that outbound HT
The correct answer is A. Stateful. A stateful firewall tracks the full state of active TCP connections, allowing legitimate HTTP sessions while blocking traffic like IRC that does not match an established, permitted connection state.
Question
While doing a Black box pen test via the TCP port (80), you noticed that the traffic gets blocked when you tried to pass IRC traffic from a web enabled host. However, you also noticed that outbound HTTP traffic is being allowed. What type of firewall is being utilized for the outbound traffic?
Options
- AStateful
- BApplication
- CCircuit
- DPacket Filtering
How the community answered
(32 responses)- A78% (25)
- B13% (4)
- C3% (1)
- D6% (2)
Why each option
A stateful firewall tracks the full state of active TCP connections, allowing legitimate HTTP sessions while blocking traffic like IRC that does not match an established, permitted connection state.
A stateful firewall maintains a state table that records the state of all active network connections, including TCP handshake stages. When outbound HTTP traffic on port 80 initiates a valid TCP session, the stateful firewall permits it and tracks it in the state table. IRC traffic attempting to use the same port would not match an expected HTTP session state and is blocked because it violates the tracked connection context.
An application-layer firewall performs deep packet inspection at Layer 7, but the scenario describes stateful connection tracking rather than full protocol content analysis.
A circuit-level gateway operates at the session layer and validates TCP handshakes, but does not track ongoing connection states to differentiate traffic types on the same port.
A packet-filtering firewall only inspects individual packets based on IP and port rules and has no connection state awareness, so it would allow both HTTP and IRC on port 80 without distinguishing them.
Concept tested: Stateful firewall connection tracking and traffic inspection
Source: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confirewall.html
Topics
Community Discussion
No community discussion yet for this question.