Pass Using 312-50v13 Exam Dumps

This scenario best illustrates impersonation, which is a core social engineering technique emphasized in CEH under pretexting and physical security testing. Impersonation occurs when an attacker assumes a believable identity, such as an IT technician, vendor, maintenance worker, or delivery person, to gain trust and bypass access controls. In the prompt, the red team member adopts a third-party IT technician role and is granted entry because the receptionist assumes the visit is legitimate and does not verify credentials. That is the defining moment of impersonation: exploiting human trust and procedural gaps to obtain unauthorized physical access.

While the attacker later observes open terminals, unattended printouts, and sticky notes, those observations are opportunistic data collection that becomes possible only after successful impersonation. Shoulder surfing is specifically observing a user entering credentials or viewing a screen while standing nearby, typically during active use. Eavesdropping focuses on capturing spoken or transmitted information, such as listening to conversations or intercepting communications. Dumpster diving involves retrieving sensitive information from trash or discarded materials in waste bins, not simply seeing sticky notes left on desks.

CEH guidance highlights that impersonation often succeeds when organizations lack visitor verification, badge enforcement, escort policies, and security awareness training. Controls include validating work orders, requiring government-issued ID, issuing visitor badges, escorting visitors, enforcing clean desk practices, locking workstations, and secure printing to prevent exposure of credentials and sensitive data.

The correct answer is C, Severity scoring. CVSS stands for Common Vulnerability Scoring System. In CEH vulnerability analysis and vulnerability management topics, CVSS is used to measure and communicate how severe a vulnerability is. The CEH material explains that CVSS captures the principal characteristics of a vulnerability and produces a numerical score that reflects its severity. That score can then be translated into qualitative ratings such as low, medium, high, and critical, helping organizations assess and prioritize remediation activities. CVSS is not an encryption mechanism, because it does not protect data or perform cryptographic operations. It is also not exploitation, because it does not attack or take advantage of vulnerabilities. Auditing may use CVSS results as supporting evidence, but CVSS itself is specifically a scoring framework. Therefore, in this question, the best and most precise CEH-aligned answer is Severity scoring.

The CEH DDoS Mitigation Strategies section explains that load balancing distributes traffic across multiple servers or infrastructure components to prevent any single resource from being overwhelmed.

By using hardware load balancers and cloud-based traffic distribution, organizations can:

Absorb large volumes of attack traffic

Maintain service availability

Ensure legitimate users are served

Option B is correct and directly matches CEH’s definition.

Option A drops all traffic, including legitimate requests.

Option C focuses on traffic analysis rather than distribution.

Option D limits traffic rather than distributing it.

CEH strongly recommends load balancing as a core DDoS resilience mechanism.

A logic bomb is malware or malicious code that is deliberately planted within a system and configured to execute when a specific condition is met, such as a particular date and time, a user action, or the presence or absence of a file. CEH materials describe logic bombs as condition-based triggers that can remain dormant for extended periods, producing minimal indicators until the trigger occurs. The most decisive clue in this scenario is the “scheduled task set to a specific date,” followed by abnormal behavior that appears only after that date passes. This is a textbook trigger mechanism used to activate malicious actions while avoiding early detection.

The “odd email from an unfamiliar source” suggests an initial delivery or social engineering vector, but the core behavior is the delayed activation. The later “faint increase in network activity only after the scheduled date passed” aligns with a logic bomb executing a payload such as beaconing, data exfiltration, or enabling remote access. The “unusual code traces on a dormant workstation” further supports the idea of implanted code that was inactive until triggered.

Fileless malware emphasizes execution in memory using legitimate tools such as PowerShell or WMI and is defined more by its living-off-the-land technique than by a date-based trigger. An APT describes a broader campaign style involving long-term, multi-stage intrusion, not a single defining trigger artifact. Ransomware is characterized by encryption and extortion behavior, which is not described. Therefore, the threat is best characterized as a logic bomb.