Changed 312-50v13 Exam Questions

Reconnaissance is the first phase of ethical hacking and also part of the cyber kill chain. It involves gathering publicly available information about a target, such as employee names, company structure, and branding, which is later used in social engineering or phishing attacks.

Reference – CEH v13 Official Study Guide:

Module 2: Footprinting and Reconnaissance

Quote:

“Reconnaissance involves gathering information from public sources such as websites, social networks, and press releases. This is used to craft targeted phishing messages or exploit organizational weaknesses.”

Incorrect Options Explained:

A & B. Not formal terms in ethical hacking.

D. Enumeration involves interacting with systems to extract technical data.

Passive sniffing refers to listening to or capturing network traffic without sending any packets or altering the communication stream. The attacker’s system operates in "promiscuous mode" to monitor all traffic flowing through the network segment. This technique is mostly used in environments like hub-based or unencrypted Wi-Fi networks, where traffic is visible to all systems.

According to the CEH v13 Official Courseware, Module 08: Sniffing, under the subsection "Passive Sniffing", the following capabilities are associated with passive sniffing:

Capturing unencrypted credentials (usernames and passwords)

Identifying protocols, services, IP addresses, and hostnames

Monitoring HTTP sessions, cookies, and other clear-text traffic

Gathering detailed information for fingerprinting and enumeration

Exporting traffic to PCAPs for forensic and offline analysis

However, passive sniffing does not involve any active interference with the traffic. Therefore, actions like “modifying and replaying” packets require an attacker to craft and inject packets into the network — this is considered active sniffing or traffic manipulation, which is out of scope for passive techniques.

Thus:

Option A: Valid for passive sniffing (host discovery via captured traffic)

Option B: Invalid for passive sniffing (requires active traffic manipulation)

Option C: Valid (if data is unencrypted)

Option D: Valid (captures traffic for offline review)

Reference – CEH v13 Official Courseware:

Module 08: Sniffing

Section: “Passive Sniffing vs Active Sniffing”

Study Guide Pages: Usually found under “Types of Sniffing Techniques”

CEH iLabs/Engage Scenarios: Packet capture and Wireshark lab modules

CEH v13 explains that multi-vector DDoS attacks, especially those combining volumetric reflection (DNS amplification) with application-layer exhaustion (Slowloris), require multi-layered mitigation. Standard firewalls and IPS devices cannot handle large-scale distributed attacks without causing collateral damage to legitimate traffic. CEH emphasizes the need for hybrid DDoS protection, combining on-premises appliances for real-time local filtering with cloud-based scrubbing centers capable of absorbing massive volumetric floods. Cloud scrubbing removes malicious traffic upstream, while on-prem devices mitigate application-layer anomalies. Increasing bandwidth (Option A) is ineffective against reflection attacks. IPS (Option B) cannot handle Slowloris-style partial requests at scale. Blocking all external DNS/HTTP (Option C) would deny service to legitimate users. The correct CEH-aligned solution is hybrid DDoS mitigation services.

Whaling is an advanced social engineering technique that targets high-profile individuals, such as executives, managers, or celebrities, by impersonating them or someone they trust, such as a colleague, partner, or vendor. The attacker creates a fake Linkedin profile, pretending to be a high-ranking official from a well-established company, and uses it to connect with other employees within the organization. The attacker then leverages the trust and authority of the fake profile to gain access to exclusive corporate events and proprietary project details shared within the network. This way, the attacker can launch targeted attacks against the organization, such as stealing sensitive data, compromising systems, or extorting money.

The most likely immediate threat to the organization is the loss of confidential information and intellectual property, which can damage the organization’s reputation, competitiveness, and profitability. The attacker can also use the information to launch further attacks, such as ransomware, malware, or sabotage, against the organization or its partners and customers.

The other options are not as accurate as whaling for describing this scenario. Pretexting is a social engineering technique that involves creating a false scenario or identity to obtain information or access from a victim. However, pretexting usually involves direct communication with the victim, such as a phone call or an email, rather than creating a fake Linkedin profile and connecting with the victim’s network. Spear phishing is a social engineering technique that involves sending a personalized and targeted email to a specific individual or group, usually containing a malicious link or attachment. However, spear phishing does not involve creating a fake Linkedin profile and connecting with the victim’s network. Baiting and involuntary data leakage are not social engineering techniques, but rather possible outcomes of social engineering attacks. Baiting is a technique that involves offering something enticing to the victim, such as a free download, a gift card, or a job opportunity, in exchange for information or access. Involuntary data leakage is a situation where the victim unintentionally or unknowingly exposes sensitive information to the attacker, such as by clicking on a malicious link, opening an infected attachment, or using an unsecured network. References:

Whaling: What is a whaling attack?

Advanced Social Engineering Attack Techniques

Top 8 Social Engineering Techniques and How to Prevent Them