ECCouncil Updated 312-50v13 Exam Questions and Answers by noel

Ransomware encrypts user data and extorts payment for restoration. CEH covers ransomware as a major threat in system hacking, highlighting encryption-based extortion as its defining behavior.

The capabilities described match an enterprise Wireless Intrusion Prevention System (WIPS) tightly integrated with WLAN infrastructure: it uses access points as sensors (placing selected APs into passive scan/monitor mode), correlates and aggregates alarms from multiple controllers into a central engine for analysis and forensic retention, and can push automated countermeasures across the campus (such as coordinated channel scanning and remote configuration enforcement) when a device is classified as malicious. This is most consistent with Cisco Adaptive Wireless IPS.

Cisco’s adaptive WIPS model uses the existing Cisco wireless architecture (controllers and APs) to provide campus-wide monitoring and enforcement. The phrase “selected APs into a passive scan mode” is a strong indicator of adaptive sensor use—APs can be dedicated or time-sliced for scanning, and the system can coordinate coverage across channels. The centralized engine concept also aligns with enterprise WIPS deployments that collect events and alarms from multiple controllers for correlation and long-term storage, supporting incident investigation and compliance.

Why the other options are less fitting:

Fern WiFi Cracker (C) is an attack/assessment tool, not a production defensive platform, and it does not provide centralized alarm aggregation and automated enterprise countermeasures.

RFProtect (B) is a known wireless security/WIPS solution family, but the question’s feature set and wording (“adaptive,” APs used for passive scanning, controller-integrated countermeasures) most closely matches Cisco’s adaptive WIPS concept.

WatchGuard Wi-Fi Cloud WIPS (A) is a vendor-managed WIPS offering; while it can provide monitoring, the scenario stresses multi-controller aggregation into a central engine and coordinated campus countermeasures via WLAN infrastructure—again aligning best with Cisco’s controller/AP ecosystem.

Therefore, the best answer is D. Cisco Adaptive Wireless IPS.

The Certified Ethical Hacker (CEH) Cloud Computing module emphasizes that serverless environments rely heavily on granular permission models. Attacks involving compromised APIs often succeed because functions are granted excessive privileges.

Option D is correct because enforcing function-level permissions and the principle of least privilege directly limits what a compromised function can execute. CEH documentation states this is the primary defense against serverless abuse.

Option A is beneficial but reactive.

Option B focuses on SaaS governance rather than FaaS execution control.

Option C provides visibility but does not directly prevent privilege misuse.

CEH highlights identity and access management (IAM) as critical in serverless security.

The CEH Malware Threats module defines polymorphic malware as malicious code that mutates its appearance (code, encryption, packing) each time it propagates, making signature-based detection ineffective. Dormancy and trigger-based activation are also common characteristics.

CEH emphasizes that behavior-based detection, sandboxing, and heuristic analysis are the most effective countermeasures against polymorphic threats.

Option D is correct.

Options A, B, and C do not address polymorphic evasion techniques.