312-50v13 Exam Dumps : Certified Ethical Hacker Exam (CEHv13)

This scenario describes fileless malware using covert command-and-control (C2) channels over commonly allowed protocols such as HTTP and DNS, a technique heavily emphasized in CEH v13 Malware Threats. Such malware avoids writing files to disk and instead leverages memory, legitimate system tools, and trusted protocols to evade traditional defenses.

Signature-based antivirus updates (Option A) are ineffective against fileless malware because there are no static artifacts to match. Blocking known malware ports (Option C) is also ineffective, as the malware intentionally uses ports 80 and 53, which must remain open for normal business operations. Restricting plain HTTP (Option B) may reduce visibility but does not stop DNS tunneling or encrypted malicious traffic.

CEH v13 identifies behavioral analytics as the most effective countermeasure against advanced malware. Behavioral solutions establish a baseline of normal system and network activity, then detect anomalies such as:

Unusual outbound DNS query patterns

Abnormal HTTP beaconing intervals

Legitimate applications behaving suspiciously

PowerShell or system tools generating network traffic unexpectedly

By monitoring how systems behave rather than what files exist, behavioral analytics can identify stealthy C2 communications and disrupt them early. Therefore, Option D is the most effective and CEH-aligned response.

According to the CEH Network Scanning module, a SYN scan works by analyzing TCP handshake responses.

SYN → SYN/ACK = Port OPEN

SYN → RST = Port CLOSED

No response = FILTERED

Option A is correct.

CEH emphasizes SYN scanning as stealthy because the handshake is never completed.

SHA-256 is a cryptographic hash function, and CEH v13 clearly states that hash functions alone provide data integrity, but not authenticity or non-repudiation. If attackers can modify data and recompute the hash, integrity checks will still pass.

The issue arises because SHA-256 does not prove who created or modified the data. To address this weakness, CEH v13 recommends using digital signatures, which combine hashing with asymmetric cryptography. A digital signature ensures:

Integrity (data has not changed)

Authentication (data was signed by a known entity)

Non-repudiation (the signer cannot deny the action)

Digital signatures work by hashing the data and encrypting the hash with the sender’s private key. Any modification to the data invalidates the signature.

Encryption alone (Options A and C) protects confidentiality, not integrity or authenticity. SSL/TLS (Option B) secures data in transit but does not protect stored data from tampering.

CEH v13 explicitly identifies digital signatures as the correct cryptographic control when integrity mechanisms alone are insufficient. Therefore, Option D is correct.