Passed Exam Today 312-50v13

The correct answer is A. Measured service because the scenario describes a core cloud characteristic where resource usage is metered, monitored, controlled, and reported, enabling pay-as-you-go billing and supporting accountability and auditability. In CEH cloud computing coverage (aligned with standard cloud definitions), measured service refers to the cloud provider’s ability to automatically track and quantify consumption of resources such as CPU/compute time, storage capacity, memory, and network bandwidth. This metering is fundamental to cloud economics: customers pay based on actual usage rather than fixed, up-front infrastructure costs.

In the Black Friday context, demand is bursty and unpredictable. Measured service allows the organization to scale resources up during peak shopping hours and scale down afterward, while billing remains tied to what was truly consumed. This is especially important for cost control in e-commerce environments where overprovisioning for peak loads on-premises would be expensive and inefficient. Additionally, because the provider records usage in detail, the organization can perform chargeback/showback internally, validate invoices, and maintain evidence for audits and compliance reviews—all of which depend on accurate, granular measurement.

Why the other options are not the best fit: Broad network access describes availability over networks and access via standard mechanisms (not usage tracking). On-demand self-service refers to users provisioning resources automatically without human interaction from the provider (not billing metering). Resource pooling refers to multi-tenant pooling of provider resources dynamically assigned and reassigned according to demand (again, not the billing/audit measurement function).

Therefore, the feature of detailed tracking of compute hours, storage usage, and bandwidth consumption that supports pay-per-use and auditing is best explained by measured service.

The correct answer is B. In CEH ethical hacking and penetration-testing guidance, testers must operate strictly within the authorized scope, agreement, and reporting procedures. When sensitive data such as credit card numbers and PII is unexpectedly discovered, the tester should not copy, move, examine further, or continue testing as though it were a normal finding. CEH-aligned guidance specifically warns that when illegal or highly sensitive material is encountered, it should not be copied to the tester’s own device, and the tester must follow team guidance and remain within the engagement agreement. Continuing the test could increase exposure, disturb evidence, or violate PCI-DSS and privacy handling requirements. Making a local copy is especially wrong because it creates another unauthorized location for regulated data. Contacting the employee directly is also improper because escalation should go through the approved client point of contact or management. Therefore, the best course of action is to stop the test immediately and contact management.

Port scanning is the CEH-aligned technique used to identify available access points into systems, where “access points” refers to open TCP and UDP ports and the services listening on them. In the reconnaissance and scanning phases described in CEH methodology, testers first enumerate live hosts and then perform port scanning to discover which network services are reachable, such as HTTP on 80 or 443, SSH on 22, RDP on 3389, DNS on 53, and many others. This information directly guides the next steps of analysis by revealing the attack surface: what services are exposed, which systems are running them, and which ports may permit remote interaction.

Vulnerability scanning is different because it attempts to identify known weaknesses or misconfigurations and typically requires service detection, versioning, and signature or configuration checks. It is usually performed after ports and services are discovered, not as the first method for finding “available access points.” Topology mapping focuses on understanding how the network is structured, including routing paths, device relationships, and segmentation boundaries. Network scanning is a broader term that can include host discovery and other probes, but it is less precise than port scanning for identifying the specific entry points that an attacker could use to connect.

Under ethical guidelines, port scanning is conducted with proper authorization, scoped targets, controlled timing to avoid disruption, and clear reporting of open ports, detected services, and risk implications so defenders can reduce exposure by closing unnecessary ports and hardening required services.

The correct answer is D, Hardware, Software, and Sniffing. In CEH system hacking and password attack concepts, password retrieval during an authorized assessment can involve multiple categories, not just one method. Keylogging may be performed through hardware devices or software applications that capture user keystrokes, and CEH material specifically identifies keylogging as using hardware or software to capture what a user types. CEH material also describes keyloggers as either hardware or software and explains that they monitor keyboard activity and related user actions. Sniffing is another password retrieval method because packets captured on a LAN may expose sensitive information and credentials such as Telnet, FTP, SMTP, or rlogin passwords. Therefore, software-only is incomplete, hardware-only is too narrow, and hardware/software keyloggers exclude network sniffing. The broadest and most accurate answer is hardware, software, and sniffing.