Exam 312-50v13 topic 1 question 230 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 230
Topic #: 1

Consider a scenario where a Certified Ethical Hacker is attempting to infiltrate a company's network without being detected. The hacker intends to use a stealth scan on a BSD-derived TCP/IP stack, but he suspects that the network security devices may be able to detect SYN packets. Based on this information, which of the following methods should he use to bypass the detection mechanisms and why?

  • A. Maimon Scan, because it is very similar to NULL, FIN, and Xmas scans, but the probe used here is FIN/ACK
  • B. Xmas Scan, because it can pass through filters undetected, depending on the security mechanisms installed
  • C. TCP Connect/Full-Open Scan, because it completes a three-way handshake with the target machine
  • D. ACK Flag Probe Scan, because it exploits the vulnerabilities within the BSD-derived TCP/IP stack
Suggested Answer: D

Comments

NikoTomas
1 week, 1 day ago
Selected Answer: B
Correct is B - Xmas.

All these three scans - A (Maimon), B (Xmas) and D (ACK scan) - are suitable for stealth scanning avoiding FW and IDS detection, as the connection is not properly established and logged (many firewalls and IPSes log only established connections, not failed attempts).

The key to choosing the correct answer is the BSD-based TCP/IP stack in the question. In CEH v11 and v12 EC-Council specifically notes: "Xmas tree scans can be useful on systems like BSD/UNIX because these platforms follow RFC 793, which defines how to handle packets with unusual flag combinations like FIN, URG, and PSH."

Xmas Scan Behavior:
  • Sends TCP packets with FIN, URG, and PSH flags set.
  • RFC 793 says:
      o If the port is closed, the host should reply with RST
      o If the port is open or filtered, there should be no response

BSD stacks behave exactly this way, making it possible to infer:
  • Closed port → Responds with RST
  • Open/Filtered port → No response
upvoted 1 times
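
A detection-side view of the probes named in this thread, as an added example that is not part of the original discussion: NULL, FIN and Xmas flag sets can be flagged from the TCP header alone, while FIN/ACK (Maimon) and bare ACK are only anomalous when no handshake was seen for the flow. The function names, addresses and sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# Flag sets that never occur in a legitimate TCP conversation.
STATELESS = {0: "NULL", FIN: "FIN", FIN | PSH | URG: "Xmas"}
# Flag sets that are normal mid-connection and only suspicious out of state.
OUT_OF_STATE = {FIN | ACK: "Maimon (FIN/ACK)", ACK: "ACK probe"}

def tcp_fields(header: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", header[:4])
    return sport, dport, header[13] & 0x3F  # mask off the ECN bits

def classify(packets):
    """packets: (src_ip, dst_ip, raw_tcp_header) tuples -> {src_ip: {probe: count}}."""
    seen_syn = set()  # flows where a handshake was at least started
    hits = defaultdict(lambda: defaultdict(int))
    for src, dst, raw in packets:
        sport, dport, flags = tcp_fields(raw)
        flow = frozenset([(src, sport), (dst, dport)])
        if flags & SYN:
            seen_syn.add(flow)
            continue
        if flags in STATELESS:
            hits[src][STATELESS[flags]] += 1
        elif flags in OUT_OF_STATE and flow not in seen_syn:
            hits[src][OUT_OF_STATE[flags]] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}

def hdr(sport, dport, flags):
    """Build a minimal 20-byte TCP header (constructed sample data)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

# Constructed capture: 192.0.2.10 is a normal client, 198.51.100.7 sends probes.
SAMPLE = [
    ("192.0.2.10", "203.0.113.5", hdr(40000, 443, SYN)),
    ("192.0.2.10", "203.0.113.5", hdr(40000, 443, ACK)),
    ("192.0.2.10", "203.0.113.5", hdr(40000, 443, FIN | ACK)),
    ("198.51.100.7", "203.0.113.5", hdr(50001, 22, FIN | PSH | URG)),
    ("198.51.100.7", "203.0.113.5", hdr(50002, 23, FIN | ACK)),
    ("198.51.100.7", "203.0.113.5", hdr(50003, 25, ACK)),
    ("198.51.100.7", "203.0.113.5", hdr(50004, 80, 0)),
]
```

The normal client's ACK and FIN/ACK are ignored because its flow started with a SYN; the same flag sets from the second source are counted because no handshake preceded them.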
marcel9999
4 weeks, 1 day ago
Selected Answer: D
Answer B gets detected right away, so D is correct.
upvoted 1 times
Dogeo
1 month, 1 week ago
Selected Answer: D
The Maimon scan is often used to bypass firewalls by sending FIN/ACK packets, exploiting the way the BSD-derived TCP/IP stack handles these packets.
upvoted 2 times
MHafizC
2 months, 2 weeks ago
Selected Answer: D
ACK Flag Probe Scan
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other