312-50v13 Exam Dumps - Certified Ethical Hacker Exam (CEHv13)

https://en.wikipedia.org/wiki/IPsec

Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

IPsec includes protocols for establishing mutual authentication between agents at the beginning of a session and negotiation of cryptographic keys to use during the session. IPsec can protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec uses cryptographic security services to protect communications over Internet Protocol (IP) networks. It supports network-level peer authentication, data-origin authentication, data integrity, data confidentiality (encryption), and replay protection.

The initial IPv4 suite was developed with few security provisions. As a part of the IPv4 enhancement, IPsec is a layer 3 OSI model or internet layer end-to-end security scheme. In contrast, while some other Internet security systems in widespread use operate above layer 3, such as Transport Layer Security (TLS) that operates at the Transport Layer and Secure Shell (SSH) that operates at the Application layer, IPsec can automatically secure applications at the IP layer.

CEH v13 highlights that SNMPv1/v2 environments configured with default community strings such as "public" or "private" present significant security risks because they allow unauthorized users to query system information. SNMP enumeration can reveal processes, interfaces, routing tables, users, device configurations, and more. The snmp-processes Nmap NSE script is specifically designed to enumerate running processes on an SNMP-enabled host. It queries the Host Resources MIB (HR-MIB), which stores operational information about system processes, CPU usage, and memory consumption. This information provides attackers with insights into what services may be exploitable or misconfigured. CEH stresses that SNMPv2 is particularly vulnerable due to lack of encryption and authentication hardening. By enumerating processes, penetration testers can identify potential privilege escalation paths, outdated services, or rogue applications that may aid lateral movement. Other scripts such as snmp-sysdescr or snmp-interfaces retrieve system description or interface data but do not enumerate processes.

The ntpq utility provides detailed NTP peer information, synchronization states, offsets, delays, and strata. CEH specifically lists ntpq as the tool for querying NTP daemon status and enumerating peer relationships, making it essential for reconnaissance and lateral movement mapping.

A proxy server acts as a gateway between you and therefore the internet. It’s an intermediary server separating end users from the websites they browse. Proxy servers provide varying levels of functionality, security, and privacy counting on your use case, needs, or company policy.

If you’re employing a proxy server, internet traffic flows through the proxy server on its thanks to the address you requested. A proxy server is essentially a computer on the web with its own IP address that your computer knows. once you send an internet request, your request goes to the proxy server first. The proxy server then makes your web request on your behalf, collects the response from the online server, and forwards you the online page data so you’ll see the page in your browser.

https://us-cert.cisa.gov/ncas/alerts/TA18-201A

Currently, Emotet uses five known spreader modules: NetPass.exe, WebBrowserPassView, Mail PassView, Outlook scraper, and a credential enumerator. Credential enumerator is a self-extracting RAR file containing two components: a bypass component and a service component. The bypass component is used for the enumeration of network resources and either finds writable share drives using Server Message Block (SMB) or tries to brute force user accounts, including the administrator account. Once an available system is found, Emotet writes the service component on the system, which writes Emotet onto the disk. Emotet’s access to SMB can result in the infection of entire domains (servers and clients).

CEH v13 highlights that encrypting session data in transit is one of the strongest defenses against session hijacking. IPsec VPN encrypts the entire IP packet, preventing attackers from capturing usable session tokens.

IPS helps detection but not prevention. Physical security and awareness do not address technical hijacking.

Therefore, Option A is correct.

https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/what-is-fileless-malware.html

Fileless malware can easily evade various security controls, organizations need to focus on monitoring, detecting, and preventing malicious activities instead of using traditional approaches such as scanning for malware through file signatures.Also known as non-malware, infects legitimate software, applications, and other protocols existing in the system to perform various malicious activities.It resides in the system’s RAM. It injects malicious code into the running processes. (P.966/950)

CEH v13 classifies this malware as fileless malware, which resides in memory and abuses legitimate system tools (Living-off-the-Land techniques). Traditional antivirus solutions are often ineffective.

CEH v13 recommends:

Script control (PowerShell Constrained Language Mode)

Application whitelisting

Monitoring parent-child process relationships

These measures directly target the malware’s execution method. Reboots and folder cleanup do not address in-memory persistence.