Comprehensive and Detailed Explanation:
IDS cannot easily detect malicious content in encrypted traffic. Since the payload is encrypted (e.g., HTTPS, SSL/TLS), it is unreadable without decryption.
Statement B is therefore FALSE.
From CEH v13 Courseware:
* Module 13: IDS, Firewalls and Honeypots # Limitations of IDS
Reference:CEH v13 Study Guide - IDS Capabilities and Limitations

CEH IoT security modules describe insecure network services as vulnerabilities arising when IoT devices communicate over unencrypted channels, use unauthenticated update mechanisms, or expose services that fail to validate data integrity. When operational commands and firmware updates are transmitted over HTTP without cryptographic safeguards, attackers can intercept, replay, or modify the data stream. Firmware integrity verification is a critical component of secure device lifecycle management. Without it, adversaries can perform firmware injection, allowing them remote control, persistent compromise, or sabotage of device functionality. This aligns directly with insecure network services, which CEH defines as improperly protected communication mechanisms and service interactions within IoT ecosystems. Insecure ecosystem interfaces generally relate to cloud APIs and web dashboards, insecure default settings involve weak credentials or factory configurations, and insufficient privacy protection relates to data confidentiality rather than command manipulation. The described scenario most clearly fits insecure network services.

User-directed spidering is a technique that allows the hacker to manually browse the target website and use a proxy or spider tool to capture and analyze the traffic. This way, the hacker can discover hidden or dynamic content that standard web spiders may miss due to a specific file in the root directory, such as robots.txt, that instructs them not to crawl certain pages or directories. User-directed spidering can also help the hacker to bypass authentication or authorization mechanisms, as well as identify vulnerabilities or sensitive information in the target website. User-directed spidering can be performed with tools like Burp Suite and WebScarab, which are web application security testing tools that can intercept, modify, and replay HTTP requests and responses, as well as perform various attacks and scans on the target website.
The other options are not likely to achieve the same results as user-directed spidering. Using Photon to retrieve archived URLs of the target website from archive.org may provide some historical information about the website, but it may not reflect the current state or content of the website. Using the Netcraft tool to gather website information may provide some general information about the website, such as its IP address, domain name, server software, or hosting provider, but it may not reveal the specific files or web pages on the website. Examining HTML source code and cookies may provide some clues about the website's structure, functionality, or user preferences, but it may not expose the hidden or dynamic content that user-directed spidering can discover. References:
User Directed Spidering with Burp
Web Spidering - What Are Web Crawlers & How to Control Them
Web Security: Recon
Mapping the Application for Penetrating Web Applications - 1

Hashing is a one-way function-by design, it cannot be reversed. Password-cracking tools do not "reverse" the hash. Instead, they:
Generate a list of potential passwords.
Hash each candidate using the same algorithm.
Compare the result to the target hash.
If a match is found, the original password is revealed by correlation, not reversal.
From CEH v13 Official Courseware:
Module 6: Cryptography and Password Cracking
CEH v13 Study Guide states:
"Hash functions are one-way and irreversible. Password-cracking tools work by hashing wordlists or character combinations and comparing them to known password hashes." Reference:CEH v13 Study Guide - Module 6: Password Hashing ConceptsNIST FIPS 180-4 - Secure Hash Standard

A Protocol Analyzer is the correct tool used to examine the contents of packet data (often stored in .pcap files) to determine if a particular sequence of traffic is suspicious, malformed, or part of a known exploit.
In CEH v13:
Module 3: Scanning Networks
Module 4: Enumeration
Module 5: Vulnerability Analysis
Related Lab: Packet Analysis using Wireshark
The CEH v13 Study Guide states:
"A protocol analyzer (e.g., Wireshark) captures and decodes packets to display their contents and help analysts understand communication flows and anomalies. It is used to manually inspect packet contents and behavior, which helps distinguish legitimate traffic from attacks." PCAP (Packet Capture) files are typically analyzed using tools like Wireshark. These tools decode protocol layers and show payloads, making it easier for analysts to identify if IDS alerts were accurate or false positives.
Incorrect Options:
B). Network sniffer: General term; protocol analyzer is the specific functional tool used.
C). IPS: Prevents or blocks malicious traffic, but does not analyze existing packet captures.
D). Vulnerability scanner: Identifies vulnerabilities on systems/services; not used for packet capture review.
Reference:CEH v13 Study Guide - Module 3: Scanning Networks, "Using Packet Capture and Protocol Analysis Tools"CEH iLabs: "Network Scanning and Protocol Analysis with Wireshark"