ECCouncil Updated 312-50v13 Exam Questions and Answers by chelsea

In CEH v13 Module 01: Introduction to Ethical Hacking, Business Impact Analysis (BIA) is defined as a core component of the risk management process that helps identify and evaluate critical business functions, their dependencies, and the impact of downtime.

BIA is performed to:

Identify critical services and resources.

Determine the impact of their failure.

Define Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).

Prioritize systems for business continuity planning.

Option Clarification:

A. EPR: Emergency Plan Response – not a formal phase in BIA or risk analysis.

C. Risk Mitigation: Involves taking actions to reduce risks, but doesn't identify business-critical services.

D. DRP: Disaster Recovery Planning focuses on restoration, not impact assessment.

One of the most common Nmap usage scenarios is scanning an Ethernet LAN. Most LANs, especially those that use the private address range granted by RFC 1918, do not always use the overwhelming majority of IP addresses. When Nmap attempts to send a raw IP packet, such as an ICMP echo request, the OS must determine a destination hardware (ARP) address, such as the target IP, so that the Ethernet frame can be properly addressed. .. This is required to issue a series of ARP requests. This is best illustrated by an example where a ping scan is attempted against an Area Ethernet host. The –send-ip option tells Nmap to send IP-level packets (rather than raw Ethernet), even on area networks. The Wireshark output of the three ARP requests and their timing have been pasted into the session.

Raw IP ping scan example for offline targets

This example took quite a couple of seconds to finish because the (Linux) OS sent three ARP requests at 1 second intervals before abandoning the host. Waiting for a few seconds is excessive, as long as the ARP response usually arrives within a few milliseconds. Reducing this timeout period is not a priority for OS vendors, as the overwhelming majority of packets are sent to the host that actually exists. Nmap, on the other hand, needs to send packets to 16 million IP s given a target like 10.0.0.0/8. Many targets are pinged in parallel, but waiting 2 seconds each is very delayed.

There is another problem with raw IP ping scans on the LAN. If the destination host turns out to be unresponsive, as in the previous example, the source host usually adds an incomplete entry for that destination IP to the kernel ARP table. ARP tablespaces are finite and some operating systems become unresponsive when full. If Nmap is used in rawIP mode (–send-ip), Nmap may have to wait a few minutes for the ARP cache entry to expire before continuing host discovery.

ARP scans solve both problems by giving Nmap the highest priority. Nmap issues raw ARP requests and handles retransmissions and timeout periods in its sole discretion. The system ARP cache is bypassed. The example shows the difference. This ARP scan takes just over a tenth of the time it takes for an equivalent IP.

Example b ARP ping scan of offline target

In example b, neither the -PR option nor the -send-eth option has any effect. This is often because ARP has a default scan type on the Area Ethernet network when scanning Ethernet hosts that Nmap discovers. This includes traditional wired Ethernet as 802.11 wireless networks. As mentioned above, ARP scanning is not only more efficient, but also more accurate. Hosts frequently block IP-based ping packets, but usually cannot block ARP requests or responses and communicate over the network.Nmap uses ARP instead of all targets on equivalent targets, even if different ping types (such as -PE and -PS) are specified. LAN.. If you do not need to attempt an ARP scan at all, specify –send-ip as shown in Example a “Raw IP Ping Scan for Offline Targets”.

If you give Nmap control to send raw Ethernet frames, Nmap can also adjust the source MAC address. If you have the only PowerBook in your security conference room and a large ARP scan is initiated from an Apple-registered MAC address, your head may turn to you. Use the –spoof-mac option to spoof the MAC address as described in the MAC Address Spoofing section.

The AndroidManifest.xml file contains information of your package, including components of the appliance like activities, services, broadcast receivers, content providers etc.

It performs another tasks also:

• it’s responsible to guard the appliance to access any protected parts by providing the permissions.

• It also declares the android api that the appliance goes to use.

• It lists the instrumentation classes. The instrumentation classes provides profiling and other informations. These informations are removed just before the appliance is published etc.

This is the specified xml file for all the android application and located inside the basis directory.

The nbtstat command is a Windows utility that displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables, and the NetBIOS name cache. However, the nbtstat command does not support IPv6 addresses, which are the standard format for the Internet Protocol version 6 (IPv6). Therefore, using the nbtstat command with IPv6 addresses will result in an error message or no output. To enumerate NetBIOS names on a network that uses IPv6, you should switch to an enumeration tool that supports IPv6, such as Nmap, which is a network scanning and security auditing tool. Nmap has a scripting engine (NSE) that allows users to write and execute scripts for various network tasks, including NetBIOS enumeration. Nmap can also detect the operating system, services, and vulnerabilities of the target machines, regardless of the IP version they use. References:

Nbtstat Command - Computer Hope

Nbtstat CMD: Windows Network Command Line Prompt

[Nmap Scripting Engine (NSE) Documentation]