312-50v13 Exam Dumps - Certified Ethical Hacker Exam (CEHv13)

In CEH v13 DNS Enumeration, DNS cache snooping determines whether a DNS resolver has a record cached. When +norecurse is used and the response is NOERROR with no answer, it means the server is authoritative but does not have the record cached.

CEH v13 explains that this suggests no internal client has recently queried the domain, making option D correct.

CEH v13 explains that multi-vector DDoS attacks, especially those combining volumetric reflection (DNS amplification) with application-layer exhaustion (Slowloris), require multi-layered mitigation. Standard firewalls and IPS devices cannot handle large-scale distributed attacks without causing collateral damage to legitimate traffic. CEH emphasizes the need for hybrid DDoS protection, combining on-premises appliances for real-time local filtering with cloud-based scrubbing centers capable of absorbing massive volumetric floods. Cloud scrubbing removes malicious traffic upstream, while on-prem devices mitigate application-layer anomalies. Increasing bandwidth (Option A) is ineffective against reflection attacks. IPS (Option B) cannot handle Slowloris-style partial requests at scale. Blocking all external DNS/HTTP (Option C) would deny service to legitimate users. The correct CEH-aligned solution is hybrid DDoS mitigation services.

In CEH v13 Module 01: Introduction to Ethical Hacking, Business Impact Analysis (BIA) is defined as a core component of the risk management process that helps identify and evaluate critical business functions, their dependencies, and the impact of downtime.

BIA is performed to:

Identify critical services and resources.

Determine the impact of their failure.

Define Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).

Prioritize systems for business continuity planning.

Option Clarification:

A. EPR: Emergency Plan Response – not a formal phase in BIA or risk analysis.

C. Risk Mitigation: Involves taking actions to reduce risks, but doesn't identify business-critical services.

D. DRP: Disaster Recovery Planning focuses on restoration, not impact assessment.

Wired Equivalent Privacy (WEP) may be a security protocol, laid out in the IEEE wireless local area network (Wi-Fi) standard, 802.11b, that’s designed to supply a wireless local area network (WLAN) with A level of security and privacy like what’s usually expected of a wired LAN. A wired local area network (LAN) is usually protected by physical security mechanisms (controlled access to a building, for example) that are effective for a controlled physical environment, but could also be ineffective for WLANs because radio waves aren’t necessarily bound by the walls containing the network. WEP seeks to determine similar protection thereto offered by the wired network’s physical security measures by encrypting data transmitted over the WLAN. encoding protects the vulnerable wireless link between clients and access points; once this measure has been taken, other typical LAN security mechanisms like password protection, end-to-end encryption, virtual private networks (VPNs), and authentication are often put in situ to make sure privacy.

A research group from the University of California at Berkeley recently published a report citing “major security flaws” in WEP that left WLANs using the protocol susceptible to attacks (called wireless equivalent privacy attacks). within the course of the group’s examination of the technology, they were ready to intercept and modify transmissions and gain access to restricted networks. The Wireless Ethernet Compatibility Alliance (WECA) claims that WEP – which is included in many networking products – was never intended to be the only security mechanism for a WLAN, and that, in conjunction with traditional security practices, it’s very effective.

Non-repudiation is the assurance that someone cannot deny the validity of something. Non-repudiation is a legal concept that is widely used in information security and refers to a service, which provides proof of the origin of data and the integrity of the data. In other words, non-repudiation makes it very difficult to successfully deny who/where a message came from as well as the authenticity and integrity of that message.

The host command in Linux is used for DNS lookup operations. The switch -t specifies the type of DNS record you are querying.

host -t a domain.com queries for A (Address) records, which return the IP address associated with a domain.

host -t ns queries for name servers (NS records).

host -t soa queries for the Start of Authority (SOA) record.

host -t AXFR attempts a zone transfer (not a standard resolution method and typically blocked).

Hence, option A correctly resolves a domain name to its IP address.

The command uses sqlmap, a powerful SQL injection and database penetration testing tool. The flag -u specifies the target URL, and -dbs instructs sqlmap to enumerate the available databases on the DBMS behind that URL.

Command Breakdown:

-u: Target URL with injectable parameters

-dbs: Retrieve and enumerate all available database names

This is a common first step in identifying vulnerable DBMS structures after confirming SQL injection.

Incorrect Options:

A. Backdoor creation is not the default function of sqlmap.

C. Retrieving SQL statements would require additional options like --trace or --sql-query.

D. Option D is not technically accurate—sqlmap is used for injection and enumeration, not searching statements.

Reference – CEH v13 Official Courseware:

Module 14: Hacking Web Applications

Section: “SQL Injection Tools and Automation”

Tool Reference: sqlmap usage and options

=

In CEH v13 Module 03: Scanning Networks, banner grabbing is defined as a technique used during reconnaissance to capture service banners that provide information about:

Web server version

Operating system

Service details

In This Case:

The engineer used Netcat to connect to port 80 (HTTP).

The response reveals the web server software (Microsoft-IIS/6), which is typical of a banner returned in the server's HTTP response headers.

This technique helps identify vulnerable versions of services.

Other Options:

B. SQL injection: Involves sending SQL payloads — unrelated here.

C. Whois query: Provides domain registration info — unrelated.

D. Cross-site scripting: Requires injecting scripts into a web app — not relevant here.