ECCouncil Updated 312-50v13 Exam Questions and Answers by alisha

The correct answer is Dynamic ARP Inspection, or DAI, because CEH network defense material explains that DAI validates ARP packets against trusted IP-to-MAC bindings, typically built from DHCP snooping. In the scenario, the switch rejects ARP replies when the observed mappings do not match previously learned legitimate assignments. That is exactly how DAI functions. DHCP snooping alone helps build the binding table, but it is not the feature that actively inspects and drops forged ARP traffic. BPDU Guard is unrelated because it protects spanning-tree by shutting down ports that receive unexpected BPDUs, and simply displaying the snooping table is a verification action, not an enforcement mechanism. CEH describes ARP spoofing and poisoning as attacks in which forged ARP packets are used to redirect traffic, impersonate hosts, or support sniffing and man-in-the-middle attacks. DAI is designed specifically to counter that threat by checking ARP messages against known valid bindings before allowing them through the switch. Therefore, the denial behavior described is the operational signature of DAI working with DHCP snooping data.

The CEH IDS/IPS Evasion module describes packet fragmentation as a common evasion technique used to bypass signature-based detection.

Option B is correct.

Other options represent different attack categories.

CEH highlights reassembly normalization as a countermeasure.

In CEH v13 Information Security and Ethical Hacking Overview, script kiddies are defined as individuals with limited technical knowledge who rely on pre-written tools, scripts, and exploits created by others to carry out attacks. They typically lack a deep understanding of how the underlying exploits work.

CEH v13 categorizes attackers based on skill level and intent. Script kiddies sit at the lower end of the skill spectrum. They often download exploit kits, automated scanners, or attack frameworks and run them with minimal customization. While their attacks may be unsophisticated, they can still cause damage due to the availability of powerful tools.

Option B accurately reflects this definition. Options A and D describe skilled attackers or programmers, which contradicts the CEH classification. Option C is incorrect because ethical hackers use tools responsibly with authorization and possess a strong understanding of security principles.

CEH v13 emphasizes that although script kiddies are less skilled, they pose a risk because automation allows them to exploit known vulnerabilities at scale. This is why organizations must patch systems promptly and implement baseline security controls.

Thus, Option B is the correct answer.

DHCP starvation is a network-level attack in which an attacker sends a massive number of DHCPDISCOVER requests, each appearing to originate from a different MAC address. CEH courseware explains that DHCP servers assign IP leases based on unique MAC addresses, and when the lease pool is exhausted, legitimate clients are unable to obtain valid IP configurations. This disrupts network connectivity and can serve as a precursor to deploying a rogue DHCP server, enabling further attacks such as traffic redirection or credential interception. DHCP starvation is different from ARP spoofing, which manipulates MAC–IP mappings, or DNS poisoning, which corrupts domain resolution. Rogue DHCP relay attacks involve forwarding DHCP packets to unauthorized servers, not depleting leases. The scenario described—rapid MAC address spoofing and exhaustion of DHCP leases—matches the precise definition of DHCP starvation as documented in CEH materials.