312-50V13 Question #536: Real Exam Question with Answer & Explanation
The correct answer is B: Man-in-the-middle Attack Using Forged ICMP and ARP Spoofing.
Question
Jake, a network security specialist, is trying to prevent network-level session hijacking attacks in his company. While studying different types of such attacks, he learns about a technique where an attacker inserts their machine into the communication between a client and a server, making it seem like the packets are flowing through the original path. This technique is primarily used to reroute the packets. Which of the following types of network-level session hijacking attacks is Jake studying?
Options
- A. RST Hijacking
- B. Man-in-the-middle Attack Using Forged ICMP and ARP Spoofing
- C. UDP Hijacking
- D. TCP/IP Hijacking
Explanation
Man-in-the-Middle (MitM) using Forged ICMP and ARP Spoofing (Option B) is correct because this attack specifically involves an attacker inserting their machine between a client and server, manipulating ICMP redirect messages and ARP tables to reroute traffic through their system while making communication appear normal to both endpoints - perfectly matching the description of packets seeming to flow through the original path.
Why the distractors are wrong:
- RST Hijacking (A) involves sending forged TCP RST (reset) packets to terminate a connection, not inserting a machine into the traffic flow.
- UDP Hijacking (C) exploits the connectionless nature of UDP to forge response packets, but doesn't involve rerouting traffic through an attacker's machine.
- TCP/IP Hijacking (D) involves taking over an existing TCP session by predicting sequence numbers, but the attacker intercepts rather than physically rerouting packets through their own machine.
Memory Tip: Think "MitM = Middle Machine" - the key phrase "inserts their machine" and "reroute the packets" directly signals a Man-in-the-Middle attack. Whenever you see an attacker physically positioning themselves in the communication path using ARP/ICMP manipulation, that's always MitM, not a simple session reset or sequence number attack.