CEH v13 312-50v13 Release Date

The correct answer is D. Twofish because the question explicitly describes a symmetric cipher that: (1) works on 128-bit blocks, (2) supports keys up to 256 bits, and (3) was a finalist in the AES selection process intended to replace DES. Twofish matches all of these characteristics. It is a symmetric block cipher designed by Bruce Schneier and colleagues, and it was one of the five AES finalists (along with Rijndael, Serpent, RC6, and MARS). Twofish uses a 128-bit block size and allows key sizes of 128, 192, or 256 bits, aligning precisely with the “up to 256-bit keys” clue.

Why the other choices do not fit: RC4 is a stream cipher, not a 128-bit block cipher, and it is not an AES finalist. AES itself (Rijndael) is the algorithm that ultimately won the AES competition; the prompt says the algorithm was a finalist, not necessarily the winner, and the description is intended to distinguish a finalist option from AES itself. Blowfish supports variable key lengths up to 448 bits but uses a 64-bit block size, not 128-bit blocks, and it was not an AES finalist (Twofish was designed as Blowfish’s successor with a larger block size to address modern requirements).

In practical terms, the block size and key size characteristics matter for security and performance: 128-bit blocks are standard for modern symmetric encryption, and 256-bit keys provide a high security margin for long-term protection of sensitive logs. The mention of AES finalization also signals that this algorithm belongs to the same generation of modern block ciphers designed with strong resistance to cryptanalysis and efficient software/hardware implementation.

Therefore, based on the stated properties and its AES finalist status, the symmetric encryption algorithm is Twofish.

The described action is classic web server footprinting through banner grabbing. In CEH reconnaissance methodology, banner grabbing is used to identify a target’s service details by eliciting and analyzing standard protocol responses. When Sofia sends a simple HTTP request such as GET / HTTP/1.0, the server often responds with HTTP headers that may include fields like Server and sometimes X-Powered-By, which can reveal the web server product and version, and occasionally information that hints at the underlying operating system or framework. This disclosure is valuable to attackers because it enables targeted exploitation: once the exact server and version are known, an attacker can correlate that information with known vulnerabilities, misconfigurations, and exploit code.

This is not information gathering from robots.txt, which is a web file used to suggest crawler behavior and sometimes reveals hidden paths but does not inherently expose server software versions. It is also not directory brute forcing, which involves systematically guessing directories and files to find hidden endpoints. Vulnerability scanning is broader and typically involves automated checks to detect vulnerabilities; while banner information can be an input to scanning, the technique shown here is specifically identification through response headers.

CEH-aligned mitigation includes disabling or minimizing server signature information, removing unnecessary headers, keeping server software patched, and using secure configurations and reverse proxies to reduce information leakage during reconnaissance.

Side-channel attacks, as explained in CEH v13 OT and SCADA Security, extract sensitive information by observing physical characteristics of a system rather than exploiting software flaws directly. These characteristics may include power consumption, electromagnetic emissions, timing variations, or thermal output.

In SCADA environments, side-channel attacks are especially dangerous because they bypass traditional network defenses. The most reliable way to confirm such an attack is by analyzing hardware-level anomalies—such as unexpected power usage spikes or irregular signal emissions during normal device operations.

Option B directly aligns with CEH v13 guidance.

Options A, C, and D focus on software, cryptography, or network behavior, which are not primary indicators of side-channel exploitation.

Therefore, Option B is correct.

The Certified Ethical Hacker (CEH) Cryptography and Quantum Computing section introduces the concept known as “Harvest Now, Decrypt Later”. This threat model describes adversaries capturing encrypted data today, even if they cannot decrypt it immediately, with the expectation that future quantum computers will be able to break currently secure public-key algorithms such as RSA and ECC.

Option A accurately reflects this concept.

Option B describes a method (Shor’s algorithm) but not the threat model itself.

Option C is unrelated to cryptographic attacks.

Option D refers to quantum communication attacks, not classical encrypted data harvesting.

CEH emphasizes post-quantum cryptography as a mitigation strategy.