312-50v13 Free Certification Exam Easy to Download PDF Format 2025
Get 100% Success with Latest CEH v13 312-50v13 Exam Dumps
NEW QUESTION # 267
In order to tailor your tests during a web-application scan, you decide to determine which web-server version is hosting the application. On using the -sV flag with Nmap, you obtain the following response:
80/tcp open http-proxy Apache Server 7.1.6
What information-gathering technique does this best describe?
- A. Banner grabbing
- B. Dictionary attack
- C. WHOIS lookup
- D. Brute forcing
Answer: A
Explanation:
Banner grabbing is a technique used to gain information about a computer system on a network and the services running on its open ports. Administrators can use this to take inventory of the systems and services on their network. However, an intruder can use banner grabbing to find network hosts that are running versions of applications and operating systems with known exploits.
Some examples of service ports used for banner grabbing are those used by Hyper Text Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP); ports 80, 21, and 25 respectively. Tools commonly used to perform banner grabbing are Telnet, Nmap and Netcat.
For example, one may establish a connection to a target web server using Netcat, then send an HTTP request. The response will usually contain information about the service running on the host:
This information may be used by an administrator to catalog the system, or by an intruder to narrow down a list of applicable exploits.
To prevent this, network administrators should restrict access to services on their networks and shut down unused or unnecessary services running on network hosts. Shodan is a search engine for banners grabbed from port-scanning the Internet.
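The inventory use of banner grabbing that the explanation mentions is easy to automate from the service-detection output itself. The following added example (not part of the original question or of Nmap) parses `-sV` result lines such as the one quoted in the question, extracts port, protocol, state, service name and version text, and lists the open services whose banner announces an exact product release, which is what an administrator would want to catalog and, where possible, suppress. The sample output is constructed here; only the `80/tcp` line comes from the question.

```python
import re

# Constructed sample of Nmap -sV output. The 80/tcp line is the one quoted in
# the question; the other lines are made up for this example.
SAMPLE_NMAP_OUTPUT = """\
PORT     STATE    SERVICE      VERSION
21/tcp   open     ftp          vsftpd 3.0.3
22/tcp   open     ssh          OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)
80/tcp   open     http-proxy   Apache Server 7.1.6
443/tcp  open     ssl/http
3306/tcp filtered mysql
"""

# One -sV result line: "<port>/<proto> <state> <service> [<version text>]"
_LINE_RE = re.compile(
    r"^(?P<port>\d{1,5})/(?P<proto>tcp|udp|sctp)\s+"
    r"(?P<state>[a-z|]+)\s+"
    r"(?P<service>\S+)"
    r"(?:\s+(?P<version>.+?))?\s*$"
)

# A token like "7.1.6", "3.0.3" or "8.9p1" in the version column means the
# service announced its exact release in its banner.
_VERSION_NUMBER_RE = re.compile(r"\b\d+(?:\.\d+)+[a-z0-9]*\b")


def parse_nmap_sv(text):
    """Turn Nmap -sV lines into dicts; the header and non-matching lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["port"] = int(row["port"])
        row["version"] = row["version"] or ""
        row["discloses_version"] = bool(_VERSION_NUMBER_RE.search(row["version"]))
        rows.append(row)
    return rows


def version_disclosures(text):
    """Open ports whose banner reveals a product release: what banner grabbing
    hands an outsider, and what an administrator should consider masking."""
    return [
        (r["port"], r["proto"], r["version"])
        for r in parse_nmap_sv(text)
        if r["state"] == "open" and r["discloses_version"]
    ]


if __name__ == "__main__":
    for port, proto, ver in version_disclosures(SAMPLE_NMAP_OUTPUT):
        print(f"{port}/{proto} announces: {ver}")
```

Filtered ports and services that return no version string are kept in the parsed inventory but do not appear in the disclosure list, so the list maps directly onto the hardening step the explanation recommends.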
NEW QUESTION # 268
An audacious attacker is targeting a web server you oversee. He intends to perform a Slow HTTP POST attack by manipulating 'a' HTTP connections. Each connection sends a byte of data every 'b' seconds, effectively holding up the connections for an extended period. Your server is designed to manage 'm' connections per second, but any connections exceeding this number tend to overwhelm the system. Given 'a=100' and variable 'm', along with the attacker's intention of maximizing the attack duration 'D=a*b', consider the following scenarios. Which is most likely to result in the longest duration of server unavailability?
- A. m=110, b=20: Despite the attacker sending 100 connections, the server can handle 110 connections per second, therefore likely staying operative, regardless of the hold-up time per connection
- B. m=95, b=10: Here, the server can handle 95 connections per second, but it falls short against the attacker's 100 connections, albeit the hold-up time per connection is lower
- C. m=105, b=12: The server can manage 105 connections per second, more than the attacker's 100 connections, likely maintaining operation despite a moderate hold-up time
- D. m=90, b=15: The server can manage 90 connections per second, but the attacker's 100 connections exceed this, and with each connection held up for 15 seconds, the attack duration could be significant
Answer: D
Explanation:
A Slow HTTP POST attack is a type of denial-of-service (DoS) attack that exploits the way web servers handle HTTP requests. The attacker sends a legitimate HTTP POST header to the web server, specifying a large amount of data to be sent in the request body. However, the attacker then sends the data very slowly, keeping the connection open and occupying the server's resources. The attacker can launch multiple such connections, exceeding the server's capacity to handle concurrent requests and preventing legitimate users from accessing the web server.
The attack duration D is given by the formula D = a * b, where a is the number of connections and b is the hold-up time per connection. The attacker intends to maximize D by manipulating a and b. The server can manage m connections per second, but any connections exceeding m will overwhelm the system. Therefore, the scenario that is most likely to result in the longest duration of server unavailability is the one where a > m and b is the largest. Among the four options, this is the case for option D, where a = 100, m = 90, and b = 15.
In this scenario, D = 100 * 15 = 1500 seconds, which is the longest among the four options. Option A has a larger b, but a < m, so the server can handle the connections without being overwhelmed. Option B has a > m, but a smaller b and a smaller difference between a and m, so the attack duration is shorter. Option C has a moderate b, but a < m, so the server is likely to keep operating.
References:
* What is a Slow POST Attack & How to Prevent One? (Guide)
* Mitigate Slow HTTP GET/POST Vulnerabilities in the Apache HTTP Server - Acunetix
* What is a Slow Post DDoS Attack? | NETSCOUT
NEW QUESTION # 269
What is the least important information when you analyze a public IP address in a security alert?
- A. DNS
- B. Geolocation
- C. ARP
- D. Whois
Answer: C
Explanation:
In CEH v13 Module 02: Footprinting and Reconnaissance, and Module 03: Scanning Networks, several tools and techniques are introduced for analyzing public IP addresses when investigating a security alert.
Let's evaluate the options:
A. DNS: Domain Name System (DNS) is essential in mapping IPs to domains. Reverse DNS lookups can reveal if the IP is associated with a malicious domain, and forward lookups can confirm legitimacy.
D. Whois: WHOIS records are crucial for identifying IP ownership, registration data, and abuse contacts. It helps assess if the IP belongs to a known threat actor or suspicious hosting provider.
B. Geolocation: Helps you understand where the IP is physically located. If the IP is in a country known for cybercrime or doesn't match your user's location, it raises red flags.
C. ARP (Address Resolution Protocol): ARP is local to Layer 2 and works only within a LAN (Local Area Network). ARP cannot resolve or analyze public IP addresses, which operate at Layer 3 of the OSI model.
Thus, ARP is the least relevant when analyzing a public IP address, as it deals with MAC-to-IP mapping only in local environments.
Reference:
Module 02 - Public IP Analysis Tools (WHOIS, DNS, IP Lookup)
CEH iLabs: IP Attribution and Threat Hunting using WHOIS & Geolocation
NEW QUESTION # 270
Mirai malware targets IoT devices. After infiltration, it uses them to propagate and create botnets that are then used to launch which types of attack?
- A. Password attack
- B. DDoS attack
- C. MITM attack
- D. Birthday attack
Answer: B
Explanation:
The Mirai malware primarily targets Internet of Things (IoT) devices with weak or default credentials. Once infected, these devices become part of a botnet that the attacker controls remotely. The primary use of Mirai botnets is to perform Distributed Denial of Service (DDoS) attacks.
* DDoS attacks flood a target (server, application, or network) with massive traffic, overwhelming resources and causing service outages.
* Mirai gained infamy after being used in large-scale DDoS attacks, including against DNS provider Dyn, which caused widespread internet outages.
Incorrect Options:
* A. Password attacks refer to credential brute-forcing; although Mirai uses default credentials, its main attack vector is DDoS.
* C. MITM attacks involve intercepting communications.
* D. Birthday attacks are cryptographic hash collision techniques.
Reference - CEH v13 Official Courseware:
* Module 18: IoT and OT Hacking
* Section: "IoT Malware"
* Subsection: "Mirai Botnet and Real-World Attacks"
* CEH Engage: IoT Botnet Simulation
NEW QUESTION # 271
David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in?
- A. Vulnerability scan
- B. Risk assessment
- C. Remediation
- D. Verification
Answer: C
Explanation:
Vulnerability-Management Life Cycle: The vulnerability management life cycle is an important process that helps identify and remediate security weaknesses before they can be exploited. Phase 4, Remediation, is applying fixes on vulnerable systems in order to reduce the impact and severity of vulnerabilities. (P.515/499)
NEW QUESTION # 272
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?
- A. BBProxy
- B. Blooover
- C. Paros Proxy
- D. BBCrack
Answer: A
NEW QUESTION # 273
You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. Passwords must be at least 8 characters and use 3 of the 4 categories (lowercase, uppercase, numbers, special characters). With your knowledge of likely user habits, what would be the fastest type of password cracking attack to run against these hash values?
- A. Online Attack
- B. Brute Force Attack
- C. Hybrid Attack
- D. Dictionary Attack
Answer: C
Explanation:
A hybrid attack combines a dictionary and brute-force approach. Given that:
* Passwords are required to be complex
* Users still often choose predictable variations (e.g., Password123!, Welcome@2024)
A hybrid attack is best suited because it applies common mutations to known words, much faster than full brute force and more effective than a plain dictionary attack.
From CEH v13 Courseware:
* Module 6: Password Cracking, Attack Techniques
CEH v13 Study Guide states:
"Hybrid attacks combine the speed of dictionary attacks with some of the thoroughness of brute-force. It's ideal when users use complex but predictable passwords."
Incorrect Options:
* A: Online attacks are slow and may trigger account lockouts.
* B: Brute-force would be too slow for complex passwords.
* D: Plain dictionary attacks won't cover variations like "P@ssw0rd!"
Reference:
* CEH v13 Study Guide - Module 6: Password Attack Strategies
* OWASP Password Cracking Cheat Sheet
NEW QUESTION # 274
During a penetration testing assignment, a Certified Ethical Hacker (CEH) used a set of scanning tools to create a profile of the target organization. The CEH wanted to scan for live hosts, open ports, and services on a target network. He used Nmap for network inventory and Hping3 for network security auditing. However, he wanted to spoof IP addresses for anonymity during probing. Which command should the CEH use to perform this task?
- A. Hping3 -S 192.168.1.1 -a 192.168.1.254 -p 22 --flood
- B. Hping3 -1 10.0.0.25 --ICMP
- C. Nmap -sS -Pn -n -vw --packet-trace -p- --script discovery -T4
- D. Hping3 -2 10.0.0.25 -p 80
Answer: A
Explanation:
The command A. Hping3 -S 192.168.1.1 -a 192.168.1.254 -p 22 --flood is the correct one to spoof IP addresses for anonymity during probing. This command sends SYN packets (-S) to the target IP 192.168.1.1 with a spoofed source IP (-a) 192.168.1.254 on port 22 (-p) and floods the target with packets (--flood). This way, the CEH can hide his real IP address and avoid detection by the target's firewall or IDS [1][2].
The other commands are incorrect for the following reasons:
* B. Hping3 -1 10.0.0.25 --ICMP: This command sends ICMP packets (--ICMP) to the target IP 10.0.0.25, but does not spoof the source IP. Therefore, the CEH's real IP address will be exposed to the target.
* C. Nmap -sS -Pn -n -vw --packet-trace -p- --script discovery -T4: This command performs a stealthy SYN scan (-sS) on all ports (-p-) of the target without pinging it (-Pn) or resolving DNS names (-n). It also enables verbose output (-v), packet tracing (--packet-trace), and discovery scripts (--script discovery) with an aggressive timing (-T4). However, this command does not spoof the source IP, and in fact reveals more information about the scan to the target by using packet tracing and discovery scripts.
* D. Hping3 -2 10.0.0.25 -p 80: This command sends TCP packets (default) to the target IP 10.0.0.25 on port 80 (-p), but does not spoof the source IP. Therefore, the CEH's real IP address will be exposed to the target.
References:
* 1: Master hping3 and Enhance Your Network Strength | GoLinuxCloud
* 2: Spoofing Packets with Hping3 - YouTube
NEW QUESTION # 275
Taylor, a security professional, uses a tool to monitor her company's website, analyze the website's traffic, and track the geographical location of the users visiting the company's website. Which of the following tools did Taylor employ in the above scenario?
- A. WebSite Watcher
- B. WAFW00F
- C. web-Stat
- D. Webroot
Answer: C
Explanation:
Increase your website's performance and grow! Add Web-Stat to your site (it's free!) and watch individuals interact with your pages in real time.
Learn how individuals find your website. Get details about every visitor's path through your website and track pages that turn browsers into customers.
One-click install. Observe locations, operating systems, browsers and screen sizes, and get alerts for new visitors and conversions.
NEW QUESTION # 276
Your company was hired by a small healthcare provider to perform a technical assessment on the network.
What is the best approach for discovering vulnerabilities on a Windows-based computer?
- A. Use the built-in Windows Update tool
- B. Create a disk image of a clean Windows installation
- C. Use a scan tool like Nessus
- D. Check MITRE.org for the latest list of CVE findings
Answer: C
NEW QUESTION # 277
As a part of an ethical hacking exercise, an attacker is probing a target network that is suspected to employ various honeypot systems for security. The attacker needs to detect and bypass these honeypots without alerting the target. The attacker decides to utilize a suite of techniques. Which of the following techniques would NOT assist in detecting a honeypot?
- A. Using honeypot detection tools like Send-Safe Honeypot Hunter
- B. Probing system services and observing the three-way handshake
- C. Implementing a brute force attack to verify system vulnerability
- D. Analyzing the MAC address to detect instances running on VMware
Answer: C
Explanation:
A brute force attack is a method of trying different combinations of passwords or keys to gain access to a system or service. It is not a reliable way of detecting a honeypot, as it may trigger an alert or response from the target. Moreover, a brute force attack does not provide any information about the system's characteristics or behavior that could indicate a honeypot. A honeypot is a decoy system that is designed to attract and trap attackers, while providing security teams with valuable intelligence and insights. Therefore, an ethical hacker needs to use more subtle and stealthy techniques to detect and avoid honeypots.
The other options are valid techniques for detecting a honeypot. Probing system services and observing the three-way handshake can reveal anomalies or inconsistencies in the system's responses, such as abnormal banners, ports, or protocols. Using honeypot detection tools like Send-Safe Honeypot Hunter can scan the target network and identify potential honeypots based on various criteria, such as IP address, domain name, or open ports. Analyzing the MAC address can detect instances running on VMware, which is a common platform for deploying honeypots. A honeypot running on VMware will have a MAC address that starts with 00:0C:29, 00:50:56, or 00:05:69.
References:
* What is a Honeypot? Types, Benefits, Risks and Best Practices
* Using Honeypots for Network Intrusion Detection
* Detecting Honeypot Access With Varonis
NEW QUESTION # 278
Sam is working as a system administrator in an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect its severity using CVSS v3.0 to properly assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing the CVSS rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?
- A. Low
- B. Critical
- C. High
- D. Medium
Answer: D
Explanation:
| Rating | CVSS Score |
|---|---|
| None | 0.0 |
| Low | 0.1 - 3.9 |
| Medium | 4.0 - 6.9 |
| High | 7.0 - 8.9 |
| Critical | 9.0 - 10.0 |
https://www.first.org/cvss/v3.0/specification-document
The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of three metric groups: Base, Temporal, and Environmental. The Base metrics produce a score ranging from 0 to 10, which can then be modified by scoring the Temporal and Environmental metrics. A CVSS score is also represented as a vector string, a compressed textual representation of the values used to derive the score. Thus, CVSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent vulnerability severity scores. Two common uses of CVSS are calculating the severity of vulnerabilities discovered on one's systems and as a factor in prioritization of vulnerability remediation activities. The National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities.
Qualitative Severity Rating Scale
For some purposes, it is useful to have a textual representation of the numeric Base, Temporal and Environmental scores.
NEW QUESTION # 279
Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's network. He decides to set up a SPAN port and capture all traffic to the datacenter. He immediately discovers unencrypted traffic on port UDP 161. What protocol is this port using and how can he secure that traffic?
- A. It is not necessary to perform any actions, as SNMP is not carrying important information.
- B. RPC and the best practice is to disable RPC completely
- C. SNMP and he should change it to SNMP V3
- D. SNMP and he should change it to SNMP v2, which is encrypted
Answer: C
Explanation:
We have various articles already in our documentation for setting up SNMPv2 trap handling in Opsview, but SNMPv3 traps are a whole new ballgame. They can be quite confusing and complicated to set up the first time you go through the process, but when you understand what is going on, everything should make more sense.
SNMP has gone through several revisions to improve performance and security (version 1, 2c and 3). By default, it is a UDP port based protocol where communication is based on a 'fire and forget' methodology in which network packets are sent to another device, but there is no check for receipt of that packet (versus TCP port when a network packet must be acknowledged by the other end of the communication link).
There are two modes of operation with SNMP - get requests (or polling) where one device requests information from an SNMP enabled device on a regular basis (normally using UDP port 161), and traps where the SNMP enabled device sends a message to another device when an event occurs (normally using UDP port 162). The latter includes instances such as someone logging on, the device powering up or down, or a wide variety of other problems that would need this type of investigation.
This blog covers SNMPv3 traps, as polling and version 2c traps are covered elsewhere in our documentation.
SNMP traps
Since SNMP is primarily a UDP port based system, traps may be 'lost' when sending between devices; the sending device does not wait to see if the receiver got the trap. This means if the configuration on the sending device is wrong (using the wrong receiver IP address or port) or the receiver isn't listening for traps or rejecting them out of hand due to misconfiguration, the sender will never know.
The SNMP v2c specification introduced the idea of splitting traps into two types; the original 'hope it gets there' trap and the newer 'INFORM' traps. Upon receipt of an INFORM, the receiver must send an acknowledgement back. If the sender doesn't get the acknowledgement back, then it knows there is an existing problem and can log it for sysadmins to find when they interrogate the device.
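Bill's SPAN-port capture can be triaged automatically once you know the outer shape of an SNMP message: every version starts with a BER SEQUENCE whose first element is the version INTEGER (0 = v1, 1 = v2c, 3 = v3), v1/v2c then carry the community string in clear text, and v3 carries a msgGlobalData SEQUENCE whose msgFlags byte says whether authentication (bit 0) and privacy (bit 1) are in use. The following added example (written for this page; not Opsview's or net-snmp's code) implements just enough of a BER walker to classify a UDP/161 payload and report whether the PDU is protected. The three packets are constructed by hand for this example and are not real captures.

```python
# Minimal BER walker: enough to read the SNMP version and, for v3, the msgFlags.

def _read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the TLV starting at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def classify_snmp(payload):
    """Classify one UDP/161 (or /162) payload captured off the SPAN port."""
    tag, body, _ = _read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer SEQUENCE missing)")
    tag, ver, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(ver, "big")
    if version in (0, 1):                  # SNMPv1 / SNMPv2c: community string follows
        _, community, _ = _read_tlv(body, pos)
        return {"version": "v1" if version == 0 else "v2c",
                "community": community.decode("ascii", "replace"),
                "encrypted": False,
                "finding": "community string and PDU are sent in clear text"}
    if version == 3:
        _, global_data, _ = _read_tlv(body, pos)
        # msgGlobalData ::= SEQUENCE { msgID, msgMaxSize, msgFlags, msgSecurityModel }
        _, _, p = _read_tlv(global_data, 0)          # msgID
        _, _, p = _read_tlv(global_data, p)          # msgMaxSize
        _, flags, _ = _read_tlv(global_data, p)      # msgFlags (one octet)
        auth = bool(flags[0] & 0x01)
        priv = bool(flags[0] & 0x02)
        level = {(False, False): "noAuthNoPriv", (True, False): "authNoPriv",
                 (True, True): "authPriv"}.get((auth, priv), "invalid")
        return {"version": "v3", "security_level": level, "encrypted": priv,
                "finding": "OK" if priv else "v3 without privacy: PDU still readable"}
    raise ValueError("unknown SNMP version %d" % version)


def audit(packets):
    """Findings for every captured message that is not protected by authPriv."""
    return [r["finding"] for r in map(classify_snmp, packets) if not r["encrypted"]]


# Constructed packets (not real captures).
# v2c GetRequest for sysName.0 with community "public".
V2C_GET = bytes.fromhex(
    "3029" "020101" "0406" "7075626c6963"
    "a01c" "020400000001" "020100" "020100"
    "300e" "300c" "06082b06010201010500" "0500")
# v3 message flagged authPriv; the ScopedPDU is an opaque encrypted OCTET STRING.
V3_AUTHPRIV = bytes.fromhex(
    "301b" "020103" "300d" "020101" "02020400" "040103" "020103"
    "0400" "040568656c6c6f")
# v3 message with msgFlags = 0 (noAuthNoPriv) and an empty plaintext ScopedPDU.
V3_NOAUTH = bytes.fromhex(
    "3016" "020103" "300d" "020101" "02020400" "040100" "020103"
    "0400" "3000")

if __name__ == "__main__":
    for pkt in (V2C_GET, V3_AUTHPRIV, V3_NOAUTH):
        print(classify_snmp(pkt))
```

Only a v3 message with the privacy flag set counts as clean; a v3 message at authNoPriv still exposes the PDU contents, which is why the fix is "SNMPv3 at authPriv", not merely "SNMPv3".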
NEW QUESTION # 280
John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?
- A. Network-based scanner
- B. Proxy scanner
- C. Agent-based scanner
- D. Cluster scanner
Answer: C
Explanation:
Agent-based scanners reside on a single machine but can scan several machines on the same network.
Network-based scanner
A network-based vulnerability scanner, in simplistic terms, is the process of identifying loopholes on a computer's network or IT assets, which hackers and threat actors can exploit. By implementing this process, one can successfully identify their organization's current risk(s). This is not where the buck stops; one can also verify the effectiveness of your system's security measures while improving internal and external defenses. Through this review, an organization is well equipped to take an extensive inventory of all systems, including operating systems, installed software, security patches, hardware, firewalls, anti-virus software, and much more.
Agent-based scanner
Agent-based scanners make use of software scanners on each and every device; the results of the scans are reported back to the central server. Such scanners are well equipped to find and report out on a range of vulnerabilities.
NOTE: This option is not suitable for us, since for it to work, you need to install a special agent on each computer before you start collecting data from them.
NEW QUESTION # 281
Jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's wireless network without a password. However, Jane has a long, complex password on her router. What attack has likely occurred?
- A. Wireless sniffing
- B. Wardriving
- C. Evil twin
- D. Piggybacking
Answer: C
Explanation:
An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications.[1] The evil twin is the wireless LAN equivalent of the phishing scam.
This type of attack may be used to steal the passwords of unsuspecting users, either by monitoring their connections or by phishing, which involves setting up a fraudulent website and luring people there.
The attacker snoops on Internet traffic using a bogus wireless access point. Unwitting web users may be invited to log into the attacker's server, prompting them to enter sensitive information such as usernames and passwords. Often, users are unaware they have been duped until well after the incident has occurred.
When users log into unsecured (non-HTTPS) bank or e-mail accounts, the attacker intercepts the transaction, since it is sent through their equipment. The attacker is also able to connect to other networks associated with the users' credentials.
Fake access points are set up by configuring a wireless card to act as an access point (known as HostAP).
They are hard to trace since they can be shut off instantly. The counterfeit access point may be given the same SSID and BSSID as a nearby Wi-Fi network. The evil twin can be configured to pass Internet traffic through to the legitimate access point while monitoring the victim's connection, or it can simply say the system is temporarily unavailable after obtaining a username and password.
NEW QUESTION # 282
Which is the first step followed by Vulnerability Scanners for scanning a network?
- A. OS Detection
- B. TCP/UDP Port scanning
- C. Firewall detection
- D. Checking if the remote host is alive
Answer: D
Explanation:
Vulnerability scanning solutions perform vulnerability penetration tests on the organizational network in three steps:
1. Locating nodes: The first step in vulnerability scanning is to locate live hosts in the target network using various scanning techniques.
2. Performing service and OS discovery on them: After detecting the live hosts in the target network, the next step is to enumerate the open ports and services and the operating system on the target systems.
3. Testing those services and OS for known vulnerabilities: Finally, after identifying the open services and the operating system running on the target nodes, they are tested for known vulnerabilities.
NEW QUESTION # 283
Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?
- A. Black hat
- B. White hat
- C. Gray hat
- D. Red hat
Answer: B
Explanation:
A white hat (or a white hat hacker) is an ethical computer hacker, or a computer security expert, who focuses on penetration testing and other testing methodologies that ensure the safety of an organization's information systems. Ethical hacking is a term meant to imply a broader category than just penetration testing. Contrasted with black hat, a malicious hacker, the name comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat respectively. While a white hat hacker hacks under good intentions with permission, and a black hat hacker, most often unauthorized, has malicious intent, there is a third kind known as a gray hat hacker who hacks with good intentions but sometimes without permission.
White hat hackers may also work in teams called "sneakers and/or hacker clubs", red teams, or tiger teams.
While penetration testing concentrates on attacking software and computer systems from the outset - scanning ports, examining known defects in protocols and applications running on the system, and patch installations, for example - ethical hacking may include other things. A full-blown ethical hack might include emailing staff to ask for password details, rummaging through executives' dustbins and usually breaking and entering, without the knowledge and consent of the targets. Only the owners, CEOs and Board Members (stakeholders) who asked for such a security review of this magnitude are aware. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical. In most recent cases these hacks perpetuate for the long-term con (days, if not weeks, of long-term human infiltration into an organization). Some examples include leaving USB/flash key drives with hidden auto-start software in a public area as if someone lost the small drive and an unsuspecting employee found it and took it.
Some other methods of completing these include:
* DoS attacks
* Social engineering tactics
* Reverse engineering
* Network security
* Disk and memory forensics
* Vulnerability research
* Security scanners such as:
- W3af
- Nessus
- Burp suite
* Frameworks such as:
- Metasploit
* Training Platforms
These methods identify and exploit known security vulnerabilities and attempt to evade security to gain entry into secured areas. They are able to do this by hiding software and system 'back-doors' that can be used as a link to information or access that a non-ethical hacker, also known as 'black-hat' or 'grey-hat', may want to reach.
NEW QUESTION # 284
Jane, an ethical hacker, is testing a target organization's web server and website to identify security loopholes.
In this process, she copied the entire website and its content onto a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?
- A. Session hijacking
- B. Website mirroring
- C. Website defacement
- D. Web cache poisoning
Answer: B
Explanation:
A mirror site is a website or set of files on a computer server that has been copied to another computer server so that the site or files are available from more than one place. A mirror site has its own URL, but is otherwise identical to the principal site. Load-balancing devices allow high-volume sites to scale easily, dividing the work between multiple mirror sites.
A mirror site is usually updated frequently to ensure it reflects the contents of the original site. In some cases, the original site may arrange for a mirror site at a larger location with a higher-speed connection and, perhaps, closer proximity to a large audience.
If the original site generates too much traffic, a mirror site can ensure better availability of the website or files. For websites that offer copies or updates of widely used software, a mirror site allows the site to handle larger demands and enables the downloaded files to arrive more quickly. Microsoft, Sun Microsystems and other companies have mirror sites from which their browser software can be downloaded.
Mirror sites are used to make site access faster when the original site may be geographically distant from those accessing it. A mirrored web server is often located on a different continent from the principal site, allowing users close to the mirror site to get faster and more reliable access.
Mirroring a website can also be done to ensure that information can be made available to places where access may be unreliable or censored. In 2013, when Chinese authorities blocked access to foreign media outlets like the Wall Street Journal and Reuters, site mirroring was used to restore access and circumvent government censorship.
NEW QUESTION # 285
You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: "The attacker must scan every port on the server several times using a set of spoofed source IP addresses." Suppose that you are using Nmap to perform this scan. What flag will you use to satisfy this requirement?
- A. The -f flag
- B. The -g flag
- C. The -D flag
- D. The -A flag
Answer: C
Explanation:
The flags --source-port and -g are equivalent and instruct Nmap to send packets from a selected source port. This option is used to try to cheat firewalls that whitelist traffic from specific ports. The following example scans the target from port 20 to ports 80, 22, 21, 23 and 25, sending fragmented packets to LinuxHint.
NEW QUESTION # 286
What firewall evasion scanning technique makes use of a zombie system that has low network activity as well as its fragment identification numbers?
- A. Decoy scanning
- B. Idle scanning
- C. Packet fragmentation scanning
- D. Spoof source address scanning
Answer: B
Explanation:
The idle scan is a TCP port scan technique that consists of sending spoofed packets to a computer to find out what services are available. This is accomplished by impersonating another computer whose network traffic is very slow or nonexistent (that is, not transmitting or receiving information). This might be an idle computer, called a "zombie".
This action can be done with common network utilities such as nmap and hping. The attack involves sending forged packets to a specific target machine in an attempt to find distinct characteristics of another, zombie machine. The attack is sophisticated because there is no interaction between the attacker's computer and the target: the attacker interacts solely with the "zombie" computer.
This exploit serves two purposes, as a port scanner and as a mapper of trusted IP relationships between machines. The target system interacts with the "zombie" computer, and differences in behavior can be observed using different "zombies", giving evidence of the different privileges the target grants to different computers.
The overall intention behind the idle scan is to "check the port status while remaining completely invisible to the targeted host." The first step in executing an idle scan is to find an appropriate zombie. It needs to assign IP ID values incrementally on a global basis (rather than per host it communicates with). It should be idle (hence the scan name), as extraneous traffic will bump up its IP ID sequence, confusing the scan logic. The lower the latency between the attacker and the zombie, and between the zombie and the target, the faster the scan will proceed.
Note that when a port is open, the IPID increments by 2. The sequence is as follows:
* Attacker to target -> SYN, target to zombie -> SYN/ACK, zombie to target -> RST (IPID increments by 1)
* Now the attacker probes the zombie for the result. Attacker to zombie -> SYN/ACK, zombie to attacker -> RST (IPID increments by 1). So, in this process, the IPID increments by 2 in total.
When an idle scan is attempted, tools (for example nmap) test the proposed zombie and report any problems with it. If one does not work, try another. Enough Internet hosts are vulnerable that zombie candidates are not hard to find. A common approach is to simply execute a ping sweep of some network. Choosing a network near your source address, or near the target, produces better results. You can try an idle scan using each available host from the ping sweep results until you find one that works. As usual, it is best to ask permission before using someone's machines for unexpected purposes such as idle scanning.
Simple network devices often make great zombies because they are commonly both underused (idle) and built with simple network stacks that are vulnerable to IP ID traffic detection.
While identifying a suitable zombie takes some initial work, you can keep re-using the good ones. Alternatively, there has been some research on using unintended public web services as zombie hosts to perform similar idle scans. Leveraging the way some of these services perform outbound connections upon user submissions can serve as a kind of poor man's idle scanning.
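The IP ID arithmetic described above, together with the check an administrator can run against their own hosts to see whether their IP ID generation would make them a usable zombie, as an added Python example (not part of the exam material; the sample sequences are constructed and the classification thresholds are a simplified assumption, not Nmap's ipidseq logic):

```python
from typing import List, Sequence

IPID_MODULUS = 1 << 16  # the IP identification field is 16 bits wide


def ipid_deltas(ipids: Sequence[int]) -> List[int]:
    """Differences between consecutive IP IDs, modulo the 16-bit field width."""
    return [(b - a) % IPID_MODULUS for a, b in zip(ipids, ipids[1:])]


def classify_ipid_sequence(ipids: Sequence[int]) -> str:
    """Classify IP IDs seen in a host's replies to a burst of probes.

    'incremental': one global counter shared by all peers -> zombie candidate
                   (the scheme an administrator should replace with random IDs).
    'constant'   : unchanging (e.g. always 0) -> unusable as a zombie.
    'random'     : per-packet randomisation -> unusable as a zombie.
    """
    if len(ipids) < 3:
        raise ValueError("need at least three samples")
    deltas = ipid_deltas(ipids)
    if all(d == 0 for d in deltas):
        return "constant"
    # An idle host answering only our probes steps by exactly 1 per reply; a few
    # extra steps are tolerated for light background traffic (assumed threshold).
    if all(1 <= d <= 5 for d in deltas):
        return "incremental"
    return "random"


def infer_port_state(ipid_before: int, ipid_after: int) -> str:
    """Interpret the zombie's IP ID change across one idle-scan probe.

    The two values are the IP IDs of the zombie's RST replies to the scanner's
    own probes before and after the spoofed SYN. An open target port makes the
    zombie send one extra RST in between (+2); closed or filtered ports do not (+1).
    """
    delta = (ipid_after - ipid_before) % IPID_MODULUS
    if delta == 2:
        return "open"
    if delta == 1:
        return "closed|filtered"
    return "unknown (zombie not idle)"


if __name__ == "__main__":
    # Constructed samples: a global counter wrapping past 65535, random IDs, one probe.
    print(classify_ipid_sequence([65533, 65534, 65535, 0, 1]))   # incremental
    print(classify_ipid_sequence([4101, 57320, 912, 30077]))     # random
    print(infer_port_state(1200, 1202))                          # open
```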
NEW QUESTION # 287
Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?
- A. Kernel-level rootkit
- B. Hypervisor-level rootkit
- C. Library-level rootkit
- D. User-mode rootkit
Answer: A
NEW QUESTION # 288
What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stacheldraht have in common?
- A. All are tools that can be used not only by hackers, but also security personnel
- B. All are tools that are only effective against Linux
- C. All are hacking tools developed by the legion of doom
- D. All are DDOS tools
- E. All are tools that are only effective against Windows
Answer: D
NEW QUESTION # 289
Why are containers less secure than virtual machines?
- A. The host OS under containers has a larger attack surface.
- B. A compromised container may cause CPU starvation of the host.
- C. Containers may fill up the disk space of the host.
- D. Containers are attached to the same virtual network.
Answer: A
NEW QUESTION # 290