CEH v13 Domain 4.3 Practice Test 003

This practice test covers Domain 4 (Network and Perimeter Hacking) Subdomain 3 (Denial-of-Service) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • 8 single-answer, 2 multi-select
Question 1
A penetration tester conducting a load assessment notices that a web server's CPU has spiked to 100% following a surge of HTTP GET requests targeting a resource-intensive dynamic search page. The requests originate from thousands of geographically distributed IP addresses at a rate that exceeds the server's processing capacity. Which application-layer DoS attack technique is being demonstrated?

Question 2
Jane, a threat intelligence analyst, discovers that a botnet operator is issuing attack commands through IRC channels to thousands of compromised hosts targeting major financial institutions. The command-and-control architecture is centralized, and infected machines continuously poll the IRC server for new instructions. What type of C&C model is this botnet using?

Question 3
A security analyst observes that an attacker has spoofed a victim's IP address in DNS queries sent to multiple open resolvers, causing DNS responses far larger than the original queries to be redirected toward the victim's server. The victim's upstream link becomes saturated even though the attacker is using minimal bandwidth. Which DoS technique is the attacker using?

Question 4
Elijah, a red team operator, crafts ICMP echo request packets directed at a subnet's broadcast address while spoofing the victim server's IP as the source address in each packet. Every active host on the subnet sends an ICMP reply directly to the victim, multiplying the traffic volume by the number of hosts present. What is this type of amplification DoS attack called?

Question 5
A DDoS mitigation engineer proposes routing all inbound traffic destined for a protected server through a specialized third-party infrastructure that inspects, filters, and removes malicious packets before forwarding only clean legitimate traffic to the destination. The solution can absorb volumetric attacks exceeding hundreds of gigabits per second and is transparent to end users. Which DDoS protection mechanism is being described?

Question 6
Select all that apply
A security analyst auditing an organization's DDoS defense posture must identify tools specifically designed to detect and mitigate DDoS attacks at the network perimeter. The tools must provide real-time traffic analysis and differentiate attack traffic from legitimate requests. Which of the following are recognized DDoS protection tools? (Choose two)

Question 7
Kevin, a malicious actor, sends a massive volume of TCP SYN packets to a target web server without completing the three-way handshake, filling the server's connection backlog queue with half-open connections. The server exhausts available connection table entries and eventually becomes unable to accept new legitimate client connections. Which DoS attack technique is Kevin performing?

Question 8
An enterprise SOC analyst detects that tens of thousands of compromised IoT devices are simultaneously flooding a government agency's DNS infrastructure with UDP packets, saturating its upstream bandwidth entirely. The attack is remotely orchestrated by a single attacker who controls the infected devices through a central command server that issues instructions to bot handlers. Which DDoS infrastructure model does this attack represent?

Question 9
A security engineer reviewing OT network logs finds that SCADA controllers are crashing after receiving IP packets with deliberately overlapping fragment offset values that the systems cannot correctly reassemble. The attack does not require high bandwidth and specifically targets the IP fragmentation reassembly process. Which DoS technique is being employed?

Question 10
Select all that apply
A penetration tester is compiling a list of application-layer DoS techniques that exploit HTTP protocol weaknesses to exhaust web server resources without generating high-bandwidth volumetric traffic. The techniques must be stealthy enough to operate below the detection thresholds of standard volumetric DDoS protection tools. Which of the following are application-layer DoS techniques? (Choose two)
