Which of the following types of attacks cannot be prevented by a firewall? Each correct answer represents a complete solution. Choose all that apply.

A.
Phishing attack

B.
Ping flood attack

C.
URL obfuscation attack

D.
Shoulder surfing attack

Explanation:
URL obfuscation attacks, phishing attacks, and shoulder surfing attacks are examples of social engineering attacks. Since these attacks occur as a result of man-made mistakes, they cannot be prevented with the help of any firewall.
What is social engineering?
Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user’s computer or network. This method involves mental ability of the people to trick someone rather than their technical skills. A user should always distrust people who ask him for his account name or password, computer name, IP address, employee ID, or other information that can be misused. Answer option B is incorrect. A firewall can simply block the IP address from where large numbers of ICMP requests are coming to the server. Hence, a ping flood attack can be prevented with the help of a firewall.
What is a ping flood attack?
In a ping flood attack, an attacker sends a large number of ICMP packets to the target computer using the ping command, i.e., ping -f target_IP_address. When the target computer receives these packets in large quantities, it does not respond and hangs. However, for such an attack to take place, the attacker must have sufficient Internet bandwidth, because if the target responds with an “ECHO reply ICMP packet” message, the attacker must have both the incoming and outgoing bandwidths available for communication.
What is a firewall?
A firewall is a combination of software and hardware that prevents data packets from coming in or going out of a specified network or computer. It is used to separate an internal network from the Internet. It analyzes all the traffic between a network and the Internet, and provides centralized access control on how users should use the network. A firewall can also perform the following functions: Block unwanted traffic. Direct the incoming traffic to more trustworthy internal computers. Hide vulnerable computers that are exposed to the Internet. Log traffic to and from the private network. Hide information, such as computer names, network topology, network device types, and internal user IDs from external users.