Eccouncil help2pass passed Exam Today 312-50v13 by Gruffydd q114 vce pdf

Page: 50 / 65

Exam Name:	Certified Ethical Hacker Exam (CEHv13)
Exam Code:	312-50v13 Dumps
Vendor:	ECCouncil	Certification:	CEH v13
Questions:	873 Q&A's	Shared By:	gruffydd

Question 200

During a review for DoS threats, several IP addresses generate excessive traffic. Packet inspection shows the TCP three-way handshake is never completed, leaving many connections in a SYN_RECEIVED state and consuming server resources without completing sessions. What type of DoS attack is most likely occurring?

Options:

SYN Flood

Ping of Death

UDP Flood

Smurf Attack

Discussion

Joey

I highly recommend Cramkey Dumps to anyone preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.

Dexter Dec 25, 2025

Agreed. It's definitely worth checking out if you're looking for a comprehensive and reliable study resource.

Esmae

I highly recommend Cramkey Dumps to anyone preparing for the certification exam.

Mollie Dec 18, 2025

Absolutely. They really make it easier to study and retain all the important information. I'm so glad I found Cramkey Dumps.

Rosalie

I passed. I would like to tell all students that they should definitely give Cramkey Dumps a try.

Maja Dec 5, 2025

That sounds great. I'll definitely check them out. Thanks for the suggestion!

Ilyas

Definitely. I felt much more confident and prepared because of the Cramkey Dumps. I was able to answer most of the questions with ease and I think that helped me to score well on the exam.

Saoirse Dec 20, 2025

That's amazing. I'm glad you found something that worked for you. Maybe I should try them out for my next exam.

Question 201

You start performing a penetration test against a specific website and have decided to start by grabbing all the links from the main page.

What is the best Linux pipe to achieve your milestone?

Options:

dirb https://site.com | grep "site"

curl -s https://site.com | grep '

wget https://site.com | grep "

wget https://site.com | cut -d "http"

Discussion

Question 202

Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's network. He decides to setup a SPAN port and capture all traffic to the datacenter. He immediately discovers unencrypted traffic in port UDP 161. what protocol is this port using and how can he secure that traffic?

Options:

it is not necessary to perform any actions, as SNMP is not carrying important information.

SNMP and he should change it to SNMP V3

RPC and the best practice is to disable RPC completely

SNMP and he should change it to SNMP v2, which is encrypted

Discussion

Answer:

Explanation:

We have various articles already in our documentation for setting up SNMPv2 trap handling in Opsview, but SNMPv3 traps are a whole new ballgame. They can be quite confusing and complicated to set up the first time you go through the process, but when you understand what is going on, everything should make more sense.

SNMP has gone through several revisions to improve performance and security (version 1, 2c and 3). By default, it is a UDP port based protocol where communication is based on a ‘fire and forget’ methodology in which network packets are sent to another device, but there is no check for receipt of that packet (versus TCP port when a network packet must be acknowledged by the other end of the communication link).

There are two modes of operation with SNMP – get requests (or polling) where one device requests information from an SNMP enabled device on a regular basis (normally using UDP port 161), and traps where the SNMP enabled device sends a message to another device when an event occurs (normally using UDP port 162). The latter includes instances such as someone logging on, the device powering up or down, or a wide variety of other problems that would need this type of investigation.

This blog covers SNMPv3 traps, as polling and version 2c traps are covered elsewhere in our documentation.

SNMP traps

Since SNMP is primarily a UDP port based system, traps may be ‘lost’ when sending between devices; the sending device does not wait to see if the receiver got the trap. This means if the configuration on the sending device is wrong (using the wrong receiver IP address or port) or the receiver isn’t listening for traps or rejecting them out of hand due to misconfiguration, the sender will never know.

The SNMP v2c specification introduced the idea of splitting traps into two types; the original ‘hope it gets there’ trap and the newer ‘INFORM’ traps. Upon receipt of an INFORM, the receiver must send an acknowledgement back. If the sender doesn’t get the acknowledgement back, then it knows there is an existing problem and can log it for sysadmins to find when they interrogate the device.

Question 203

Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to validate the response to a normal computer and the response of a honeypot to a manual SYN request.

Which of the following techniques is employed by Dayn to detect honeypots?

Options:

Detecting honeypots running on VMware

Detecting the presence of Honeyd honeypots

Detecting the presence of Snort_inline honeypots

Detecting the presence of Sebek-based honeypots