Certified Ethical Hacker Certification (CEHv10) Practice Test 2026 - Free CEH Practice Questions and Study Guide

The choice indicating a firewall breach is identified as NOT an application threat type because it pertains to network security rather than application-level vulnerabilities. Firewalls serve as a barrier to control incoming and outgoing network traffic based on predetermined security rules, and a breach of a firewall indicates a failure of that network security device rather than a specific vulnerability or exploit related to applications.

In contrast, SQL injection, cross-site scripting, and identity spoofing all directly relate to application threats. SQL injection exploits vulnerabilities in SQL databases by inserting malicious SQL queries through input fields, allowing attackers to manipulate or access sensitive data. Cross-site scripting involves an attacker injecting malicious scripts into webpages viewed by users, potentially leading to session hijacking or data theft. Identity spoofing refers to forging identity credentials to gain unauthorized access, typically targeting applications that utilize user authentication. These threats directly compromise application integrity and user data, highlighting the focus on vulnerabilities within application environments.