ECCouncil Updated 312-50v13 Exam Questions and Answers by reina

STP prevents bridging loops in a redundant switched network environment. By avoiding loops, you can ensure that broadcast traffic does not become a traffic storm.

STP is a hierarchical tree-like topology with a “root” switch at the top. A switch is elected as root based on the lowest configured priority of any switch (0 through 65,535). When a switch boots up, it begins a process of identifying other switches and determining the root bridge. After a root bridge is elected, the topology is established from its perspective of the connectivity. The switches determine the path to the root bridge, and all redundant paths are blocked. STP sends configuration and topology change notifications and acknowledgments (TCN/TCA) using bridge protocol data units (BPDU).

An STP attack involves an attacker spoofing the root bridge in the topology. The attacker broadcasts out an STP configuration/topology change BPDU in an attempt to force an STP recalculation. The BPDU sent out announces that the attacker’s system has a lower bridge priority. The attacker can then see a variety of frames forwarded from other switches to it. STP recalculation may also cause a denial-of-service (DoS) condition on the network by causing an interruption of 30 to 45 seconds each time the root bridge changes. An attacker using STP network topology changes to force its host to be elected as the root bridge.

Whois footprinting is a reconnaissance technique used by attackers and penetration testers to gather publicly available information about domain names. By performing a Whois lookup, one can retrieve:

Domain registrant details (name, email, phone, and address)

Domain registration and expiry dates

Name servers and registrar information

Administrative and technical contact data

According to CEH v13:

Whois databases are maintained by Internet registrars and can be queried through tools like whois lookup or websites such as https://whois.domaintools.com.

This information helps attackers build a profile of the organization, identify potential social engineering targets, and even understand domain structure for further attacks.

Incorrect Options:

A. VPN footprinting refers to identifying VPN gateways or configurations — not related to domain data.

B. Email footprinting involves gathering information from or about email systems.

C. VoIP footprinting targets IP-based telephony systems, such as SIP endpoints.

Reference – CEH v13 Official Courseware:

Module 02: Footprinting and Reconnaissance

Section: “WHOIS Footprinting”

Tools: Whois lookup tools, ICANN WHOIS, DomainTools

Vulnerability scanning software is a tool that can help security analysts identify and prioritize known vulnerabilities in their systems and applications. However, it is not a perfect solution and has some limitations that need to be considered. One of the most critical limitations is that vulnerability scanning software is not immune to software engineering flaws that might lead to serious vulnerabilities being missed. This means that the software itself might have bugs, errors, or oversights that could affect its accuracy, reliability, or performance. For example, the software might:

Fail to detect some vulnerabilities due to incomplete or outdated databases, incorrect signatures, or insufficient coverage of the target system or application.

Produce false positives or false negatives due to misinterpretation of the scan results, incorrect configuration, or lack of context or validation.

Cause unintended consequences or damage to the target system or application due to intrusive or aggressive scanning techniques, such as exploiting vulnerabilities, modifying data, or crashing services.

Be vulnerable to attacks or compromise by malicious actors who could exploit its weaknesses, tamper with its functionality, or steal its data.

Therefore, the security analyst should be most cautious about this limitation of vulnerability scanning software, as it could lead to a false sense of security, missed opportunities for remediation, or increased exposure to threats. The security analyst should always verify the scan results, use multiple tools and methods, and update and patch the software regularly to mitigate this risk.

Internet Relay Chat (IRC) is a real-time communication protocol. When a client connects to an IRC server, it must first identify itself using two mandatory commands:

NICK – Specifies the nickname the user wants to use.

USER – Provides user information such as username, hostname, and real name.

These are the very first commands required to establish presence on the IRC network.

From CEH v13 Official Courseware:

Module 7: Social Engineering

Module 19: IoT and Other Emerging Threats (includes botnets and IRC)

CEH v13 Study Guide states:

“When connecting to an IRC server, the client must first send the NICK and USER commands to register the session. Without these, the server will not establish a full connection.”

Incorrect Options:

B, C, D: LOGIN and PASS are not valid IRC protocol commands in this context.