| Exam Name: | Certified Ethical Hacker Exam (CEHv13) | ||
| Exam Code: | 312-50v13 Dumps | ||
| Vendor: | ECCouncil | Certification: | CEH v13 |
| Questions: | 797 Q&A's | Shared By: | reina |
You are investigating unauthorized access to a web application using token-based authentication. Tokens expire after 30 minutes. Server logs show multiple failed login attempts using expired tokens within a short window, followed by successful access with a valid token. What is the most likely attack scenario?
Michael, an ethical hacker at a New York-based e-commerce company, is evaluating the security of their online payment system after a recent incident where fraudulent transactions went undetected. His investigation reveals that the system uses an asymmetric encryption algorithm to ensure the authenticity of payment confirmations. He finds that the algorithm employs a public-key cryptosystem, where the sender signs the transaction with a private key, and the recipient verifies it using a corresponding public key located in a directory. During his test, Michael intercepts a signed message and notices that the algorithm supports modular exponentiation for generating digital signatures, a process critical to verifying the identity of the signatory. He aims to assess if the algorithm ' s configuration could be vulnerable to a meet-in-the-middle attack due to its key structure. Which asymmetric encryption algorithm should Michael identify as the one used by the payment system?
During an internal penetration test within a large corporate environment, the red team gains access to an unrestricted network port in a public-facing meeting room. The tester deploys an automated tool that sends thousands of DHCPDISCOVER requests using randomized spoofed MAC addresses. The DHCP server’s lease pool becomes fully depleted, preventing legitimate users from obtaining IP addresses. What type of attack did the penetration tester perform?