Free EC-Council 312-50V13 CEH V13 Actual Exam Questions - Question 1 Discussion
botnet to
simultaneously send 's' SYN packets per second to the server. You have put measures in place to
manage ‘f
SYN packets per second, and the system is designed to deal with this number without any
performance issues.
If 's' exceeds ‘f', the network infrastructure begins to show signs of overload. The system's response
time
increases exponentially (24k), where 'k' represents each additional SYN packet above the ff limit.
Now, considering 's=500' and different 'f values, in which scenario is the server most likely to
experience overload and significantly increased response times?
D imo, since the question says s=500 and if we take f=420 from option D, then the difference is 80, which causes a huge exponential increase in response time (2^(4*80) is massive). That’s way worse than the smaller differences in B or C. The confusion about 490 seems like a typo or mix-up, but if we stick with 420, it clearly means severe overload. Even a small difference can raise response times, but this big jump in D is the worst case of all listed.
It’s B for me. Here, the server can handle 495, but it’s getting hit with 500 SYN packets, so s exceeds f by 5. That small difference triggers an exponential jump in response time (32 times normal), which is enough to overload the system noticeably. A and C don’t overload since s is less or just slightly above f, so response time stays manageable. D’s numbers are confusing, mixing 420 and 490, which makes it hard to trust that option fully. So B stands out clearly as the scenario where overload happens due to that exponential increase even with a small excess.
D. The question says f=420 but then mentions 490, which is confusing, but if we take f=420, then s=500 exceeds f by 80. Since the response time increases exponentially with each packet exceeding the limit, this difference causes a massive overload and huge slowdown. The exponential factor here (24^80) would be way higher than in options B or C, where the exceedance is much smaller. So even if the numbers are mixed up, D clearly shows the worst-case overload scenario compared to the others.
Option B makes the most sense too because s just barely exceeds f, causing that big exponential jump in response time. Even a small overload can seriously slow things down.
D imo, since the difference between s and f is biggest here, the response time skyrockets much more than in B or C, which means severe overload is most likely in this scenario.
It’s B for me. Even though D has a bigger difference between s and f, the question hints at the system handling up to ‘f’ SYN packets without issues. In B, s=500 is just over f=495, causing a sharp spike (32x) in response time, which is a clear overload signal. Option C can be ruled out since f=505 is above s, so no overload there. A is stable. So B shows the server struggling right after the threshold, making it the likely scenario for overload.
B/C? Option B shows s=500 exceeding f=495 by 5, leading to a big response time jump (32x), while option C has f=505 which is above s, so overload seems less likely. So B looks worse.
Looks like option D makes the most sense for overload. Here, s=500 and f=420 means s exceeds f by 80, causing an exponential jump in response time (2^(4*10) = 1024 times). That huge increase points to serious overload. The other options either have f greater than s or smaller differences, so less impact.