CEH v13 312-50v13 Exam Questions and Answers PDF

Using default settings on a web server is considered a security risk because it can reveal the server software type and version, which can help attackers identify potential vulnerabilities and launch targeted attacks. For example, if the default settings include a server signature that displays the name and version of the web server software, such as Apache 2.4.46, an attacker can search for known exploits or bugs that affect that specific software and version. Additionally, default settings may also include other insecure configurations, such as weak passwords, unnecessary services, or open ports, that can expose the web server to unauthorized access or compromise.

The best initial step to mitigate this risk is to change the default settings to hide or obscure the server software type and version, as well as to disable or remove any unnecessary or insecure features. For example, to hide the server signature, one can modify the ServerTokens and ServerSignature directives in the Apache configuration file1. Alternatively, one can use a web application firewall or a reverse proxy to mask the server information from the client requests2. Changing the default settings can reduce the attack surface and make it harder for attackers to exploit the web server.

The given rule syntax is consistent with Snort, a popular open-source Intrusion Detection System (IDS). This rule alerts when any TCP traffic from any source IP and port is sent to IPs within the 192.168.100.0/24 subnet on port 21 (FTP), triggering the alert message: “FTP on the network!”

The Snort rule format is:

alert protocol source_IP source_port -> destination_IP destination_port (rule_options)

CEH v13 course materials teach this rule format under IDS/IPS configuration.

From CEH v13 Guide:

“Snort rules are used in IDS/IPS to define suspicious traffic patterns. An example rule: alert tcp any any -> 192.168.1.0/24 21 (msg: 'FTP detected') triggers an alert on FTP traffic within a subnet.”

Incorrect Options:

A/C. IP tables are used in firewalls and routers but follow a completely different syntax.

B. FTP servers do not use such alerting rules.

Reference – CEH v13 Study Guide:

Module 12: Evading IDS, Firewalls, and Honeypots

Section: Snort IDS Configuration

===========

In an SOA (Start of Authority) record, the fifth value represents the “Expire” interval — the time a secondary DNS server will keep trying to contact the primary server before considering the zone data stale or invalid.

SOA Format:

SOA Primary-NS Hostmaster (Serial Refresh Retry Expire Minimum-TTL)

Given SOA:

(200302028 3600 3600 604800 3600)

Serial: 200302028

Refresh: 3600 seconds

Retry: 3600 seconds

Expire: 604800 seconds = 7 days = 1 week

Minimum TTL: 3600

So, if the secondary DNS cannot contact the primary for 604800 seconds (1 week), it will stop serving that zone’s data.

Per CEH v13 Official Courseware – Module 01: Introduction to Ethical Hacking, ethical hackers and penetration testers are bound by legal and professional standards. When illegal activities such as human trafficking are discovered:

The ethical response is to cease operations and report the findings to the appropriate legal authorities.

Continuing work, ignoring the findings, or confronting the client personally is both unprofessional and may potentially expose the tester to legal liability.