In CEH v13 Module 11: Hacking Wireless Networks, WPS (Wi-Fi Protected Setup) is discussed as a vulnerable configuration that can be exploited using tools like Reaver and wash.
wash is a command-line utility used to detect WPS-enabled Access Points.
It provides information about:
Whether WPS is enabled or locked.
Signal strength, BSSID, channel, etc.
Very useful before attempting WPS PIN attacks.
Option Clarifications:
B). ntptrace: Used for querying NTP servers, not wireless networks.
C). macof: Part of dsniff suite; floods network with MAC addresses (DoS tool).
D). net view: Windows command for listing network shares, not for wireless or WPS.
Correct answer is A. wash.
Reference:
Module 11 - Wireless Tools: Reaver and wash
CEH iLabs: Using wash to Scan for WPS-enabled Devices

Operational Threat Intelligence provides insights into specific attacker methodologies, motivations, and campaigns. It involves gathering contextual information from real-world attacks, open-source intelligence (OSINT), social media, dark web forums, chat rooms, and human intelligence (HUMINT).
As per CEH v13 Official Courseware:
Operational intelligence is primarily used by security teams to anticipate specific incoming attacks.
It helps provide actionable information such as:
Who is attacking?
Why are they attacking?
What methods are they using?
What infrastructure is involved?
Incorrect Options:
A). Strategic Threat Intelligence is high-level, focusing on long-term trends and business risks.
B). Tactical Threat Intelligence is focused on TTPs (Tactics, Techniques, and Procedures) of known threats, primarily for defenders and analysts.
D). Technical Threat Intelligence includes IoCs like IPs, hashes, and URLs, often short-lived and used for detection systems.
Reference - CEH v13 Official Courseware:
Module 01: Introduction to Ethical Hacking
Section: "Types of Threat Intelligence"
Table: "Strategic vs Tactical vs Operational vs Technical Intelligence"

A man-in-the-middle attack using forged ICMP and ARP spoofing is a type of network-level session hijacking attack where an attacker inserts their machine into the communication between a client and a server, making it seem like the packets are flowing through the original path. This technique is primarily used to reroute the packets and intercept or modify the data exchanged between the client and the server.
A man-in-the-middle attack using forged ICMP and ARP spoofing works as follows1:
* The attacker sends a forged ICMP redirect message to the client, claiming to be the gateway. The ICMP redirect message tells the client to use the attacker's machine as the next hop for reaching the server's network. The client updates its routing table accordingly and starts sending packets to the attacker's machine instead of the gateway.
* The attacker also sends a forged ARP reply message to the client, claiming to be the server. The ARP reply message associates the attacker's MAC address with the server's IP address. The client updates its ARP cache accordingly and starts sending packets to the attacker's MAC address instead of the server's MAC address.
* The attacker receives the packets from the client and forwards them to the server, acting as a relay. The attacker can also monitor, modify, or drop the packets as they wish. The server responds to the packets and sends them back to the attacker, who then forwards them to the client. The client and the server are unaware of the attacker's presence and think they are communicating directly with each other.
Therefore, Jake is studying a man-in-the-middle attack using forged ICMP and ARP spoofing, which is a type of network-level session hijacking attack.
References:
* Network or TCP Session Hijacking | Ethical Hacking - GreyCampus

A pharming attacker tries to send a web site's traffic to a faux website controlled by the offender, typically for the aim of collection sensitive data from victims or putting in malware on their machines. Attacker tend to specialize in making look-alike ecommerce and digital banking websites to reap credentials and payment card data.
Though they share similar goals, pharming uses a special technique from phishing. "Pharming attacker are targeted on manipulating a system, instead of tricking people into reaching to a dangerous web site," explains David Emm, principal security man of science at Kaspersky. "When either a phishing or pharming attacker is completed by a criminal, they need a similar driving issue to induce victims onto a corrupt location, however the mechanisms during which this is often undertaken are completely different."

CEH explains that MAC flooding overwhelms a switch's CAM table, causing it to fail open. When the table fills, the switch broadcasts frames out all ports, behaving like a hub. This exposes unicast traffic to attackers operating in promiscuous mode.