ECCouncil Updated 312-50v13 Exam Questions and Answers by kyron

Firewalking is a technique used to determine what layer 4 protocols a firewall will allow by sending crafted packets with TTL values that expire at the firewall and analyzing ICMP Time Exceeded responses. This helps in determining what ports and services are allowed through a firewall.

???? Reference – CEH v13 Study Guide, Module 11: Evading IDS, Firewalls, and Honeypots

“Firewalking is a technique used to gather information about firewalls and their rule sets by sending packets with TTL values that expire at the firewall.”

❌ Incorrect options:

A. Session hijacking refers to taking over an active session.

C. MITM attacks involve intercepting communications between two parties.

D. Network sniffing involves capturing packets, not probing firewall rules.

In CEH v13 Module 03: Scanning Networks, under the Nmap Host Discovery Techniques, TCP SYN ping scan is explained as one of the methods used to determine whether a host is online by sending SYN packets to specified TCP ports.

When using Nmap:

-PS specifies a TCP SYN ping scan. It sends SYN packets to a given port (by default port 80, unless specified) to check whether a host is up and whether the port is open.

The response type to this SYN packet determines the host status:

If a SYN/ACK is received, it indicates the port is open, and the host is up.

If RST is received, the port is closed, but the host is still considered online.

If no response or ICMP unreachable is received, the host may be down or filtered.

Clarification of options:

A. -pp: This is not a valid Nmap option.

B. -PO: This sends IP Protocol Ping, used less frequently and not the same as SYN ping.

C. -PS: Correct. Performs a TCP SYN Ping Scan.

D. -PA: Sends TCP ACK Ping, used to determine firewall presence but not the same as SYN scan.

Reference from CEH v13 Study Guide and Course Material:

CEH v13 Official Module 03 – Scanning Networks, Slide: Nmap Host Discovery Techniques

EC-Council iLabs - Scanning Networks Practical Lab Guide: Section on nmap -sn -PS

Nmap Official Documentation (also referenced in CEH): https://nmap.org/book/man-host-discovery.html

MX (Mail Exchange) records in DNS define the mail servers responsible for receiving email for a domain. Each MX record has a priority value.

Important concept:

A lower number indicates a higher priority.

Email servers attempt delivery to the mail server with the lowest priority first.

For example:

If MX records are:

10 mail1.example.com

20 mail2.example.com

Then mail1 will be tried first. If it fails, mail2 will be used.

So the statement “MX record priority increases as the number increases” is false.

In CEH v13 Module 03: Scanning Networks, Nmap includes timing templates for controlling the speed and stealthiness of scans.

-T5: Insane mode – very fast, highly aggressive, easily detectable.

-T0: Paranoid mode – very slow and stealthy.

-O: Enables OS detection (not related to scan speed).

-A: Enables OS detection, version detection, script scanning, and traceroute (comprehensive but not specifically about speed).

Therefore:

If speed is your goal and you are not concerned about detection, then:

-T5 is the correct answer.