312-50v13 Questions Bank

CEH covers classical cryptanalytic attacks, including linear cryptanalysis, which uses statistical correlations between plaintext and ciphertext to infer bits of the secret key. If a cipher leaks structural patterns across many data samples, linear approximations can be computed to break the cipher.

Comprehensive and Detailed Explanation:

In TCP session hijacking or spoofing:

An attacker sends a spoofed packet with the ACK bit set and a guessed (or predicted) sequence number to fool the receiver into thinking it's a legitimate continuation of an existing session.

Fred is simulating this by sending a TCP packet with the ACK bit and using his own IP as the source, trying to trick the switch into believing it's part of an already established session.

From CEH v13 Courseware:

Module 11: Session Hijacking

The CEH web server attack methodology describes reconnaissance as a key phase, where testers gather publicly available information before attempting exploitation. Robots.txt is commonly used by administrators to instruct web crawlers about which directories should not be indexed. CEH emphasizes that attackers regularly review robots.txt because it often exposes sensitive directories unintentionally, providing valuable intelligence about internal structure, configuration paths, administrative pages, and potential weak points. In this scenario, the tester observes “Disallow” entries and then discovers the directories are not protected by authentication, allowing direct access to sensitive files. This falls under information gathering through exposed indexing instructions rather than directory traversal, which involves path-manipulation exploits. The tester is not altering file paths or inserting traversal sequences; instead, they are reviewing publicly available indexing instructions and discovering misconfigured access controls. This perfectly aligns with the reconnaissance phase of the CEH methodology, where attackers learn about server architecture using passive or minimally intrusive techniques.

The CEH v13 content explains that stealth scanning involves modifying scan timing parameters to reduce packet frequency, randomize intervals, and avoid recognizable patterns typically flagged by intrusion detection systems. Slow, randomized timing—often achieved with Nmap’s T0 or T1 timing templates—prevents bursts of traffic and allows scans to blend into normal network noise. IDS/IPS systems tuned for high-volume events may fail to detect such gradual reconnaissance. Fast SYN scans generate distinctive patterns easily identified by security monitoring tools. UDP scans, especially across all ports, produce high traffic volume and are extremely noisy. Xmas scans, although sometimes used for stealth against stateless filters, are still signature-detectable and inappropriate when stealth over time is required. Therefore, applying slow, randomized timing options aligns with CEH-approved reconnaissance techniques for evading detection while enumerating open ports.