CEH v13 312-50v13 Full Course Free

According to the CEH Denial-of-Service (DoS/DDoS) module, application-layer DDoS attacks specifically target services such as HTTP, HTTPS, DNS, or APIs by sending requests that appear legitimate but overwhelm server resources.

An HTTP flood attack sends a massive number of HTTP GET or POST requests, consuming CPU, memory, and application threads. CEH highlights that these attacks are particularly dangerous because they:

Mimic normal user behavior

Are difficult to distinguish from legitimate traffic

Bypass traditional network-layer defenses

Option A is correct.

Options B, C, and D operate primarily at the network or transport layers, not the application layer.

CEH stresses that HTTP floods are among the most challenging DDoS attacks to mitigate due to their stealthy nature.

This scenario demonstrates SMTP Enumeration, a classic enumeration technique described in CEH v13 Network Enumeration. SMTP servers may expose commands such as VRFY, EXPN, and RCPT TO, which can be abused to validate user accounts.

When these commands are enabled without restriction, attackers can enumerate valid usernames without authentication. The Nmap script used explicitly leverages these commands, confirming the misconfiguration.

Option B is incorrect because authentication is not bypassed. Option C concerns DNS routing, not user enumeration. Option D relates to encryption, not enumeration capability.

CEH v13 strongly recommends disabling or restricting SMTP user verification commands. Thus, Option A is correct.

Email headers typically contain multiple time-related fields, but they do not all carry the same evidentiary value for tracing message handling. In CEH-aligned reconnaissance and email analysis, the most reliable way to determine when an email was processed by the sender’s infrastructure is to examine the earliest “Received” header entry—specifically, the timestamp showing when the message was accepted by the sender’s originating mail server (the first mail transfer agent in the chain). This aligns with option C: the date and time received by the originator’s email servers.

The “Date” header (option A) is set by the sender’s mail client and can be manipulated or misconfigured, making it less trustworthy for forensic timing. Option B (sender’s mail server) is useful for identifying infrastructure and routing, but it does not directly provide the exact processing moment unless paired with the correct “Received” timestamp. Option D (authentication system such as SPF/DKIM/DMARC results) helps validate whether a message is authorized for a domain and detect spoofing, but it does not pinpoint when the sender’s system processed the email.

CEH guidance emphasizes that analysts should correlate multiple “Received” lines from bottom to top (earliest to latest), validate time zones, and look for inconsistencies such as impossible hops, private IP anomalies, or missing hops that indicate header forgery. However, for the specific “moment processed by the sender’s system,” the first acceptance timestamp at the origin mail server is the key artifact.