Exam 312-50v13 topic 1 question 129 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 129
Topic #: 1

A skilled ethical hacker was assigned to perform a thorough OS discovery on a potential target. They decided to adopt an advanced fingerprinting technique and sent a TCP packet to an open TCP port with specific flags enabled. Upon receiving the reply, they noticed the flags were SYN and ECN-Echo. Which test did the ethical hacker conduct and why was this specific approach adopted?

  • A. Test 3: The test was executed to observe the response of the target system when a packet with URG, PSH, SYN, and FIN flags was sent, thereby identifying the OS
  • B. Test 2: This test was chosen because a TCP packet with no flags enabled is known as a NULL packet and this would allow the hacker to assess the OS of the target
  • C. Test 1: The test was conducted because the SYN and ECN-Echo flags were enabled, allowing the hacker to probe the nature of the response and subsequently determine the OS fingerprint
  • D. Test 6: The hacker selected this test because a TCP packet with the ACK flag enabled sent to a closed TCP port would yield more information about the OS
Suggested Answer: C

Comments

NikoTomas
1 month ago
Selected Answer: C
Correct: C

TCP ECN Scan (-sN):
🔹 The Explicit Congestion Notification (ECN) scan is a special type of TCP scan that checks for firewall and OS fingerprinting behavior.
🔹 It sends a SYN packet with the ECN-Echo (ECE) and CWR flags set to probe how a target responds.
🔹 If the target replies with SYN + ECN-Echo (ECE) flags set, it indicates that the host supports ECN.

Example: nmap -sN -p 80 <target-ip>
✔ Sends SYN + ECN-Echo (ECE) + CWR flags
✔ Checks for ECN support in TCP handshake

Useful for:
✔ Firewall Detection: Some firewalls block ECN-enabled connections.
✔ OS Fingerprinting: Identifies operating systems that support ECN (e.g., modern Linux, Windows, BSD).
✔ Stealthy Reconnaissance: Some IDS/IPS systems don't log ECN scans as aggressive behavior.
upvoted 1 times
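
From the defender's side, the flag patterns named in the four answer options can be matched in captured traffic. The sketch below is an added example, not part of the original question or the comment above; the function names, the two-pattern threshold and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict
# TCP flag bits in the low byte of header bytes 12-13 (RFC 793, RFC 3168).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

def parse_tcp(header: bytes):
    """Return (dst_port, flags) from a raw TCP header, rejecting malformed input."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    _src, dst, _seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    if off_flags >> 12 < 5:
        raise ValueError("data offset below the 5-word minimum")
    return dst, off_flags & 0xFF

def probe_kind(header: bytes, open_ports: set):
    """Label a segment with a flag pattern from the question's options, or None."""
    dst, flags = parse_tcp(header)
    is_open = dst in open_ports
    if is_open and flags == 0:
        return "null"                  # option B: no flags enabled
    if is_open and flags & (SYN | FIN | URG | PSH) == SYN | FIN | URG | PSH:
        return "syn-fin-urg-psh"       # option A
    if is_open and flags & (SYN | ECE | ACK) == SYN | ECE:
        return "syn-ecn"               # option C; ECN-capable clients send this too
    if not is_open and flags == ACK:
        return "ack-closed-port"       # option D
    return None

def fingerprinting_sources(packets, open_ports, min_kinds=2):
    """Sources that sent at least min_kinds distinct probe patterns (assumed threshold)."""
    seen = defaultdict(set)
    for src_ip, header in packets:
        try:
            kind = probe_kind(header, open_ports)
        except ValueError:
            continue                   # skip truncated or malformed captures
        if kind:
            seen[src_ip].add(kind)
    return sorted(ip for ip, kinds in seen.items() if len(kinds) >= min_kinds)

def tcp_header(dst_port: int, flags: int) -> bytes:
    """Constructed 20-byte header for the sample data (checksum left at zero)."""
    return struct.pack("!HHIIHHHH", 40000, dst_port, 1, 0, (5 << 12) | flags, 1024, 0, 0)

# Constructed sample capture: documentation-range addresses, port 80 open.
SCANNER, CLIENT = "198.51.100.7", "203.0.113.9"
SAMPLE = [(SCANNER, tcp_header(p, f)) for p, f in
          [(80, SYN | ECE | CWR), (80, 0), (80, SYN | FIN | URG | PSH), (81, ACK)]]
SAMPLE += [(CLIENT, tcp_header(80, SYN | ECE | CWR)), (CLIENT, tcp_header(80, ACK))]
```

Requiring several distinct patterns from one source keeps an ordinary ECN-enabled client, which also opens connections with SYN, ECE and CWR set, from being flagged on that segment alone.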