ECCouncil 312-50v13 Online Access

According to the CEH Network Scanning module, Idle Scanning (Zombie Scanning) is one of the most stealthy reconnaissance techniques. In this method, the attacker uses an idle third-party host (zombie) to probe the target indirectly.

Because all scan packets appear to originate from the zombie system, the true attacker remains hidden. CEH highlights that idle scans:

Are extremely stealthy

Generate minimal traffic from the attacker

Make attribution very difficult

Option B is correct.

Option A (FIN scan) is stealthy but still traceable.

Option C is noisy and easily detected.

Option D describes a Xmas scan, which is detectable.

CEH classifies idle scanning as one of the hardest scanning techniques to trace.

According to CEH v13 Network Scanning and Enumeration, ICMP Echo Requests (ping) are commonly filtered by firewalls and intrusion prevention systems to reduce network reconnaissance exposure. When ICMP Echo Replies are not returned but other services remain operational, the most likely explanation is ICMP filtering rather than host unavailability or compromise.

CEH v13 explicitly states that many organizations configure firewalls to block ICMP Echo Requests while allowing other ICMP types or higher-layer protocols. This practice helps prevent attackers from easily mapping live hosts during the reconnaissance phase.

The other options are incorrect because:

Unused IPs would not necessarily have active services.

A breach would typically present additional symptoms.

Network congestion would affect multiple protocols, not just ICMP.

Thus, blocked ICMP is the correct interpretation.

In CEH v13 Cloud Computing, serverless architectures introduce unique security challenges, particularly around Function-as-a-Service (FaaS) permissions. When a serverless function is compromised through an insecure third-party API, the damage depends largely on what the function is allowed to do.

Implementing function-level permission models and enforcing the principle of least privilege ensures that even if a function is exploited, its ability to execute malicious actions is strictly limited. CEH v13 strongly emphasizes granular IAM controls in serverless environments.

While cloud-native security platforms (Option A) and CASBs (Option C) provide visibility and governance, they do not directly prevent excessive permissions. Regular patching (Option D) is important but does not mitigate permission abuse.

CEH v13 identifies least privilege as the single most critical control in preventing serverless abuse and privilege escalation. Therefore, Option B is the correct answer.

According to the Certified Ethical Hacker (CEH) IDS/IPS and Evasion Techniques module, packet fragmentation is a technique attackers use to split malicious payloads into smaller fragments so that signature-based IDS sensors may fail to reassemble and inspect the complete packet.

CEH explains that anomaly-based IDS systems are more effective against fragmentation evasion because they analyze behavioral deviations rather than relying solely on known signatures. Fragmented traffic often deviates from baseline network behavior in terms of packet size, sequencing, and reassembly anomalies.

Option A is correct because anomaly-based detection can identify abnormal fragmentation behavior even if the payload itself does not match known signatures.

Option B is unreliable, as attackers do not use consistent intervals.

Option C is impractical, since legitimate traffic may be fragmented.

Option D is less effective because signature-based IDS systems can be bypassed by fragmentation techniques.

CEH recommends packet normalization and anomaly-based detection as effective countermeasures.