ECCouncil Updated 312-50v13 Exam Questions and Answers by adelina

WPA2-PSK networks authenticate users using a pre-shared key derived from a passphrase. After capturing the 4-way handshake, CEH teaches that the standard and most effective method to recover the key is to perform an offline dictionary attack, where wordlist entries are hashed and compared against the captured handshake values. Offline cracking avoids detection and is significantly faster than brute-force attempts.

In CEH’s web application and mobile security modules, improper session management is defined as a failure to enforce session expiration, token invalidation, or secure session lifecycle controls. When an application does not invalidate a session token after logout, attackers can exploit this by performing a replay attack: reusing previously captured session identifiers to impersonate the user and gain unauthorized access. CEH teaches that replaying a live token is the simplest and most direct exploitation method because it does not require guessing or stealing new tokens—the attacker simply reuses a valid one that should have been invalidated. CSRF relies on exploiting a user’s active session and is not required when the attacker already possesses a reusable token. Brute-forcing session tokens is computationally expensive and unnecessary. SQL injection is unrelated to session lifecycle flaws unless token storage is directly exposed. Therefore, a replay attack is the correct exploitation method.

According to the CEH Network Scanning module, Idle Scanning (Zombie Scanning) is one of the most stealthy reconnaissance techniques. In this method, the attacker uses an idle third-party host (zombie) to probe the target indirectly.

Because all scan packets appear to originate from the zombie system, the true attacker remains hidden. CEH highlights that idle scans:

Are extremely stealthy

Generate minimal traffic from the attacker

Make attribution very difficult

Option B is correct.

Option A (FIN scan) is stealthy but still traceable.

Option C is noisy and easily detected.

Option D describes a Xmas scan, which is detectable.

CEH classifies idle scanning as one of the hardest scanning techniques to trace.

This scenario is a classic session fixation attack. In session fixation, the attacker sets or “fixes” a known session identifier (session ID) for the victim before the victim authenticates. The attacker then persuades the victim to use that predetermined session—often by embedding the session ID into a URL, link, or cookie setting mechanism. Once the victim logs in, the application incorrectly continues using the same session ID (rather than issuing a new one upon authentication). As a result, the attacker can reuse that known session ID to access the victim’s authenticated session context.

The described sequence matches session fixation exactly: James first crafts a session and obtains a session ID, then shares it with the victim via a link, the victim clicks and logs in, and “their activity is bound to the attacker’s pre-assigned session.” Later, James accesses the session and retrieves the victim’s input—demonstrating that authentication was tied to an attacker-controlled session token.

Why the other options do not fit:

Session replay (B) involves capturing a valid session token (e.g., via sniffing, XSS, or leakage) and replaying it, but it does not require pre-setting the token before the victim logs in.

Session prediction (C) is about guessing or calculating valid session IDs due to weak randomness. Here the attacker does not guess; he deliberately provides a session ID he already controls.

“Session donation (A)” is not the standard classification for this well-known web session weakness in CEH-style taxonomy; the described behavior aligns with fixation.

Therefore, the correct answer is D. Session Fixation Attack.