312-50v13 Exam Questions Tutorials

DNS interrogation is a core passive and semi-active reconnaissance technique described in CEH v13 Reconnaissance Techniques. It allows ethical hackers to gather publicly available information about a target’s domain infrastructure.

Through DNS queries, testers can retrieve:

Subdomains (via zone transfers, brute force, or DNS records)

Mail server IP addresses (via MX records)

Server IP addresses, which can then be mapped to approximate geographic locations

However, DNS does not store authentication credentials such as usernames and passwords. That information resides in authentication systems like Active Directory, LDAP, or application databases, not DNS.

Therefore, Option A is the only choice that cannot be obtained via DNS interrogation. CEH v13 clearly distinguishes between naming infrastructure data and credential-based information, reinforcing why DNS enumeration cannot reveal user credentials.

Thus, Option A is correct.

CEH courseware describes rootkits as specialized malware designed to conceal their presence while providing persistent, unauthorized access to system-level functions. Rootkits typically modify low-level components of the operating system—such as kernel modules, drivers, or system processes—to hide files, processes, registry keys, and network connections. Their primary purpose is to grant attackers administrative privileges without triggering alerts, making them extremely stealthy and dangerous. CEH emphasizes that rootkits often accompany other malware to maintain long-term control after initial compromise. In contrast, viruses replicate by attaching to files, keyloggers record keystrokes but do not hide system-level access, and ransomware encrypts data rather than conceals operations. The defining characteristics in this scenario—cloaking activity, providing admin-level control, persisting undetected—are directly aligned with rootkit behavior as described in CEH training material.

The best answer is Corporate Espionage. CEH reconnaissance coverage explains that footprinting can be used not only for technical attack preparation but also for competitive intelligence gathering against organizations. In this scenario, a rival company appears to have derived meaningful strategic information about product design, pricing, and roadmap decisions from publicly available data and external disclosures before launch. The resulting harm is not just accidental exposure in the abstract; it is the use of collected intelligence to gain a business advantage over the target organization. That makes corporate espionage the most accurate classification. Information leakage is certainly part of the pathway, because some information had to be exposed or inferable from public sources, but the threat asked for is the footprinting-related consequence represented by the competitor’s behavior. Business loss describes an impact, not the threat category itself. Social engineering would require manipulative interaction with people, which is not stated here. CEH materials note that careless public disclosures, metadata, career postings, partner information, and strategic announcements can all support footprinting by competitors or adversaries. When such data is systematically collected to mirror or undermine business strategy, the activity is best described as corporate espionage.