ECCouncil 312-50v13 Dumps Questions Answers

The CEH IDS/IPS Evasion module describes packet fragmentation as a common evasion technique used to bypass signature-based detection.

Option B is correct.

Other options represent different attack categories.

CEH highlights reassembly normalization as a countermeasure.

According to the Certified Ethical Hacker (CEH) System Hacking and Session Hijacking module, sidejacking is a form of session hijacking where an attacker passively intercepts network traffic to capture unencrypted session cookies. These cookies are then reused to impersonate the authenticated user without needing credentials.

CEH documentation explains that sidejacking commonly occurs on unencrypted HTTP connections, public Wi-Fi networks, or improperly secured internal networks. Once the session cookie is stolen, the attacker can replay it to gain access to the victim’s active session.

Option B correctly describes this mechanism and directly matches CEH’s definition of sidejacking.

Option A refers to perimeter exploitation, not session hijacking.

Option C describes social engineering, which is unrelated to sidejacking.

Option D is an example of cross-site scripting (XSS), not sidejacking.

CEH emphasizes HTTPS enforcement and secure cookie attributes as key countermeasures.

According to CEH v13 Security Operations and Incident Response, the first step in incident handling is identification and analysis, not immediate containment or remediation. The observed sequence—failed logins followed by abnormal outbound traffic—suggests a potential compromise, but the exact nature, scope, and impact are still unknown.

Option C aligns precisely with CEH v13’s incident response lifecycle. Real-time monitoring and detailed log analysis allow the analyst to determine whether the activity represents credential stuffing, brute-force compromise, malware-based exfiltration, or a false positive. This step preserves evidence, establishes timelines, and helps identify indicators of compromise (IOCs).

Immediately disconnecting the server (Option B) may be necessary later, but doing so prematurely can destroy volatile forensic evidence, disrupt business operations, and alert the attacker. Auditing outbound traffic alone (Option A) is too narrow and skips proper correlation of authentication logs, system logs, and process activity. Forcing credential changes (Option D) without understanding the attack vector may fail to stop malware-based persistence.

CEH v13 emphasizes that containment actions must be informed by analysis, otherwise organizations risk responding to symptoms rather than root causes. Therefore, the correct initial action is to observe, analyze, and identify, making Option C the correct answer.