312-50v13 Reviews Questions

TCP Maimon scan

This scan technique is very similar to NULL, FIN, and Xmas scan, but the probe used here is

FIN/ACK. In most cases, to determine if the port is open or closed, the RST packet should be generated as a response to a probe request. However, in many BSD systems, the port is open if the packet gets dropped in response to a probe.

How Nmap interprets responses to a Maimon scan probe

Probe Response Assigned State

No response received (even after retransmissions) open|filtered

TCP RST packet closed

ICMP unreachable error (type 3, code 1, 2, 3, 9, 10, or 13) filtered

Firewalls primarily operate at Layer 3 (Network) and Layer 4 (Transport) of the OSI model. They inspect:

IP headers (Layer 3)

TCP/UDP port numbers (Layer 4)

Application-specific data in Layer 7-aware firewalls (for application filtering)

By examining transport layer port numbers and application layer headers, firewalls can block or allow traffic based on services like HTTP (port 80), FTP (port 21), and others.

Reference – CEH v13 Official Study Guide:

Module 13: Evading IDS, Firewalls, and Honeypots

Quote:

“Firewalls filter traffic based on IP addresses, transport-layer port numbers, and application protocol headers to control access to services and applications.”

Incorrect Options:

B & C. Presentation and session layers are not relevant to firewall rule inspection.

D. Application layer doesn’t have port numbers; they are part of the transport layer.

===========

Promiscuous mode is a configuration for a network interface card (NIC) that allows it to pass all network traffic to the CPU for processing, not just the traffic addressed to that NIC. It is commonly used in:

Network sniffing and monitoring

Packet analysis tools like Wireshark

IDS/IPS systems

Reference – CEH v13 Official Study Guide:

Module 8: Sniffing

Quote:

“Promiscuous mode allows a NIC to capture all packets on the network segment, regardless of the destination MAC address.”

Incorrect Options:

A. Multicast mode handles group address traffic, not all frames

C. WEM is not a valid network mode term

D. Port forwarding redirects traffic to specific internal IPs

===========

Comprehensive and Detailed Explanation:

A rubber-hose attack refers to extracting cryptographic secrets by means of physical coercion, threats, or torture, rather than technical attacks on the algorithm or implementation.

From CEH v13 Official Study Guide:

Module 10: Cryptography → Types of Attacks

“A rubber-hose attack bypasses technical security by attacking the human element.”