Jordan is in the vulnerability scanning step because he has already moved past identification/cataloging (information gathering) and is now actively testing IoT devices for weaknesses such as outdated firmware, default credentials, and exposed/open service ports. In IoT hacking methodology, information gathering focuses on discovering devices, mapping the environment, identifying device types, interfaces, protocols, and versions, and understanding how data flows between endpoints, gateways, mobile apps, and cloud services.
Once that baseline inventory exists, the next step is to assess the devices and their ecosystem components for known and observable security gaps.
The specific checks described are classic vulnerability scanning targets in IoT environments:
Outdated firmware can indicate known vulnerabilities, missing security fixes, and unpatched components.
Default passwords are a common IoT weakness and can enable trivial compromise when not changed.
Open service ports reveal exposed management interfaces or unnecessary services that can be enumerated or exploited.
Running "specialized tools" to systematically evaluate these elements is consistent with vulnerability scanning because it is structured assessment aimed at finding exploitable conditions, but it stops short of actually exploiting or establishing persistence.
Why the other options do not fit:
Information gathering (C) would focus on identifying devices and collecting details, not actively checking them for outdated firmware/default passwords/open ports as vulnerabilities.
Gain remote access (B) implies exploitation or obtaining unauthorized control/access, which the scenario does not indicate-he is checking and assessing.
Launch attacks (D) implies executing exploitation, disruption, or compromise steps. The question explicitly frames this as testing for weaknesses, not carrying out attacks.
Therefore, Jordan is performing A. Vulnerability scanning.

Non-repudiation is the security principle that prevents a sender from denying having performed a specific action, such as sending a message or approving a transaction. In CEH-aligned cryptography, non-repudiation is most commonly achieved using digital signatures backed by public key cryptography and, in many real- world deployments, supported by digital certificates and a trusted certificate authority. When Alice digitally signs the email contract, she uses her private key to create a signature that is mathematically tied to both her identity and the exact content of the message. Bob can then use Alice's corresponding public key to verify the signature. If verification succeeds, it provides strong evidence that the message originated from the holder of Alice's private key and that the content has not been altered since it was signed.
This is different from confidentiality, which is about preventing unauthorized disclosure of message contents through encryption. It is also distinct from integrity alone: integrity ensures the message was not modified, but non-repudiation adds accountability by binding the action to a specific signer in a way that can be demonstrated to a third party. Availability is unrelated here, as it concerns ensuring systems and data are accessible when needed.
CEH materials emphasize that non-repudiation depends on proper key management and trust infrastructure. If Alice's private key is compromised, the evidentiary value is weakened. Therefore, protecting private keys with secure storage, access controls, and revocation mechanisms is essential to preserve non-repudiation.

CEH v13 identifies Man-in-the-Browser (MitB) attacks as one of the most dangerous and difficult-to-detect session hijacking techniques, especially in online banking environments. In MitB attacks, malware operates inside the user's browser, intercepting and manipulating transactions in real time.
Unlike XSS or session fixation attacks, MitB bypasses server-side security controls entirely. Even strong encryption, multi-factor authentication, and secure cookies are ineffective because the attack occurs after authentication, within a trusted session.
Passive sniffing is limited by encryption, and session fixation relies on poor session management. Covert XSS requires injection points and is more easily mitigated.
CEH v13 emphasizes that MitB attacks can modify transaction details without user awareness, making detection extremely difficult. Therefore, Option B is correct.

The Certified Ethical Hacker (CEH) Social Engineering module defines whaling as a highly targeted phishing attack aimed specifically at senior executives or high-ranking personnel.
This scenario exhibits all whaling characteristics: personalization, impersonation of leadership, business- themed content, and tailored malware delivery.
Option D is correct.
Option A involves copying legitimate emails, but does not necessarily target executives.
Option B lacks targeting.
Option C is unrelated to email-based attacks.
CEH stresses executive awareness training to counter whaling attacks.

CEH teaches that certain advanced intrusion evasion techniques rely on understanding how firewalls differentiate between new connections and established traffic. Most perimeter firewalls scrutinize SYN packets and initial HTTP requests but allow ACK packets from established sessions to pass with minimal filtering. ACK tunneling leverages this behavior by embedding malicious payloads inside ACK packets, which appear to be part of a legitimate, pre-established session. Because ACK packets are often considered
"safe," they bypass deep inspection engines, intrusion detection systems, and application-layer gateways. This method allows attackers to move data or commands covertly between compromised internal systems and external hosts. CEH references such evasion strategies when discussing bypassing stateful firewalls and making malicious traffic appear legitimate. Port knocking and SYN scans would initiate new connections- precisely what the firewall is heavily inspecting. ICMP flooding is noisy and easily detected. ACK tunneling is specifically designed for stealth and is aligned with red team tradecraft for avoiding packet-level inspection mechanisms.