nerdexam
EC-Council

312-50V13 · Question #565

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of fi

The correct answer is C. Application. When IRC traffic over port 80/TCP is blocked while HTTP traffic over the same port is unimpeded, it indicates that an application firewall is inspecting the traffic at the application layer to identify and filter non-HTTP protocols.

Submitted by tunde_lagos· Mar 6, 2026Evading IDS, Firewalls, and Honeypots

Question

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

Options

  • ACircuit
  • BStateful
  • CApplication
  • DPacket Filtering

How the community answered

(43 responses)
  • A
    5% (2)
  • B
    9% (4)
  • C
    72% (31)
  • D
    14% (6)

Why each option

When IRC traffic over port 80/TCP is blocked while HTTP traffic over the same port is unimpeded, it indicates that an application firewall is inspecting the traffic at the application layer to identify and filter non-HTTP protocols.

ACircuit

A circuit-level gateway operates at the session layer and typically establishes a connection between hosts without inspecting the application-layer content.

BStateful

A stateful firewall tracks the state of active connections but generally does not inspect the content of application-layer protocols to differentiate between, for example, HTTP and IRC on the same port.

CApplicationCorrect

An application firewall, also known as an Application Layer Gateway (ALG), inspects traffic at the application layer, allowing it to differentiate between legitimate HTTP traffic and other protocols (like IRC) attempting to use port 80, and then apply specific filtering rules.

DPacket Filtering

A packet filtering firewall operates at the network and transport layers, primarily inspecting IP addresses, ports, and protocols, and would not typically distinguish between different application-layer protocols running on the same port.

Concept tested: Application layer firewall functionality

Source: https://learn.microsoft.com/en-us/windows/win32/winsock/application-layer-gateways

Topics

#Firewall types#Application firewall#Traffic inspection#Port blocking

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice