Free Access ECCouncil 312-50v13 New Release

The correct answer is A. Service Version Discovery because the objective is to identify the software release/version running on internet-facing services by analyzing network responses and application output—without authenticating or establishing full sessions. In CEH-aligned reconnaissance methodology, service/version discovery (often called version detection or banner grabbing) focuses on determining what service is running (e.g., HTTP server, SSH daemon, SMTP server) and which version/build it is (e.g., Apache/Nginx version, OpenSSH version, application framework release). This information directly supports “prioritizing patch baselines” because patch urgency depends heavily on exact product versions: knowing the version helps map exposure to known vulnerabilities and identify outdated builds.

The prompt’s wording “analyze network-level responses and capture application output” is consistent with techniques such as banner grabbing, protocol negotiation, and response fingerprinting. Many services disclose identifying strings in headers, greetings, error pages, TLS certificates, or protocol handshakes. Even when banners are minimized, subtle differences in responses can still indicate versions or at least narrow the product family. This is typically done externally and does not require credentials, matching the constraint “without logging in or establishing full sessions.”

Why the other options are less accurate: Port scanning identifies which ports are open and which services may be present, but it does not necessarily determine precise software releases. OS discovery (OS fingerprinting) aims to infer the operating system and sometimes kernel family from packet characteristics; it is helpful but the task emphasizes “software release” and “application output,” which aligns more with service version detection than OS detection. Vulnerability scanning goes further by testing for known weaknesses and misconfigurations; while it may include version detection, the question asks for the technique that best fits the stated objective—determining the underlying service/software release from network/application responses—making service version discovery the most direct match.

Therefore, the technique is Service Version Discovery.

This scenario is a classic session fixation attack. In session fixation, the attacker sets or “fixes” a known session identifier (session ID) for the victim before the victim authenticates. The attacker then persuades the victim to use that predetermined session—often by embedding the session ID into a URL, link, or cookie setting mechanism. Once the victim logs in, the application incorrectly continues using the same session ID (rather than issuing a new one upon authentication). As a result, the attacker can reuse that known session ID to access the victim’s authenticated session context.

The described sequence matches session fixation exactly: James first crafts a session and obtains a session ID, then shares it with the victim via a link, the victim clicks and logs in, and “their activity is bound to the attacker’s pre-assigned session.” Later, James accesses the session and retrieves the victim’s input—demonstrating that authentication was tied to an attacker-controlled session token.

Why the other options do not fit:

Session replay (B) involves capturing a valid session token (e.g., via sniffing, XSS, or leakage) and replaying it, but it does not require pre-setting the token before the victim logs in.

Session prediction (C) is about guessing or calculating valid session IDs due to weak randomness. Here the attacker does not guess; he deliberately provides a session ID he already controls.

“Session donation (A)” is not the standard classification for this well-known web session weakness in CEH-style taxonomy; the described behavior aligns with fixation.

Therefore, the correct answer is D. Session Fixation Attack.

Ransomware encrypts user data and extorts payment for restoration. CEH covers ransomware as a major threat in system hacking, highlighting encryption-based extortion as its defining behavior.

CEH v13 explains that cryptographic consistency is essential for secure session management. Variable token lengths can leak information about encryption methods, key sizes, or user privilege levels, making sessions vulnerable to cryptanalysis or targeted attacks.

The most effective mitigation is implementing uniform encryption strength across all roles, ensuring consistent key sizes, algorithms, and token formats. While MFA improves authentication and key rotation improves lifecycle management, neither directly resolves cryptographic inconsistency.

CEH v13 stresses that encryption should be role-agnostic and standardized. Therefore, Option C is correct.