EC-COUNCIL 312-50V13 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V13 Online Questions & Answers

• Question 261:

  An attacker is analyzing traffic from a mobile app and finds that sensitive data like session tokens are being transmitted over HTTP instead of HTTPS. The attacker plans to intercept and manipulate the data during transmission. Which vulnerability is the attacker exploiting?

  A. Security Misconfiguration
  B. Improper SSL Pinning
  C. Insecure Communication
  D. Insufficient Input Validation
  C. Insecure Communication

  ---

  Explanation

  Insecure communication is defined in CEH's mobile and IoT security modules as the failure to encrypt sensitive data transmitted between a device and a server. When applications use plain HTTP instead of HTTPS, all traffic-including authentication tokens, user identifiers, and session data-can be monitored and altered by an attacker through network sniffing or man-in-the-middle attacks. CEH emphasizes that insecure transport channels represent one of the most common and critical weaknesses in mobile ecosystems, allowing attackers to harvest credentials or inject malicious commands. Security misconfiguration refers to improper server settings, while SSL pinning issues involve certificate validation bypassing. Insufficient input validation pertains to application-side data validation. None of these align as directly as insecure communication, which precisely describes the unencrypted data exposure.

• Question 262:

  in this form of encryption algorithm, every Individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?

  A. IDEA
  B. Triple Data Encryption standard
  C. MDS encryption algorithm
  D. AES
  B. Triple Data Encryption standard

  ---

  Explanation

  Triple DES is another mode of DES operation. It takes three 64-bit keys, for an overall key length of 192 bits. In Stealth, you merely type within the entire 192-bit (24 character) key instead of entering each of the three keys individually. The Triple DES DLL then breaks the user-provided key into three subkeys, padding the keys if necessary in order that they are each 64 bits long. The procedure for encryption is strictly an equivalent as regular DES, but it's repeated 3 times , hence the name Triple DES. the info is encrypted with the primary key, decrypted with the second key, and eventually encrypted again with the third key.

  Triple DES runs 3 times slower than DES, but is far safer if used properly. The procedure for decrypting something is that the same because the procedure for encryption, except it's executed in reverse. Like DES, data is encrypted and decrypted in 64-bit chunks. Although the input key for DES is 64 bits long, the particular key employed by DES is merely 56 bits long . the smallest amount significant (right-most) bit in each byte may be a parity , and will be set in order that there are always an odd number of 1s in every byte. These parity bits are ignored, so only the seven most vital bits of every byte are used, leading to a key length of 56 bits. this suggests that the effective key strength for Triple DES is really 168 bits because each of the three keys contains 8 parity bits that aren't used during the encryption process.

  Triple DES Modes

  Triple ECB (Electronic Code Book)

  This variant of Triple DES works precisely the same way because the ECB mode of DES.

  this is often the foremost commonly used mode of operation.

  Triple CBC (Cipher Block Chaining)

  This method is extremely almost like the quality DES CBC mode.

  like Triple ECB, the effective key length is 168 bits and keys are utilized in an equivalent manner, as described above, but the chaining features of CBC mode also are employed.

  the primary 64-bit key acts because the Initialization Vector to DES.

  Triple ECB is then executed for one 64-bit block of plaintext.

  The resulting ciphertext is then XORed with subsequent plaintext block to be encrypted, and therefore the procedure is repeated.

  This method adds an additional layer of security to Triple DES and is therefore safer than Triple ECB, although it's not used as widely as Triple ECB.

• Question 263:

  Which of the following web vulnerabilities would an attacker be attempting to exploit if they delivered the following input?

  A. XXE
  B. SQLi
  C. IDOR
  D. XSS
  A. XXE

  ---

  Explanation

  In CEH v13 Module 13: Hacking Web Applications, this exact payload is an example of an XXE (XML External Entity) Attack.

  XXE Attack:

  Exploits the way XML parsers process DOCTYPE declarations.

  The payload references a local file (/etc/passwd), allowing local file inclusion.

  Can result in sensitive file disclosure, SSRF, or Denial of Service (DoS).

  Option Clarification:

  A. XXE: Correct - targets vulnerable XML parsers.

  B. SQLi: Targets SQL databases with ' OR '1''1-type injections.

  C. IDOR: Insecure Direct Object Reference, not related to XML.

  D. XSS: Cross-site scripting; this is XML-based, not JavaScript injection.

  Module 13 - XML Injection and XXE Vulnerabilities

  CEH iLabs: Testing for XXE Using Custom Payloads

• Question 264:

  Which of the following is the primary goal of ethical hacking?

  A. To disrupt services by launching denial-of-service attacks
  B. To identify and fix security vulnerabilities in a system
  C. To steal sensitive information from a company's network
  D. To spread malware to compromise multiple systems
  B. To identify and fix security vulnerabilities in a system

  ---

  Explanation

  Ethical hacking, as defined throughout CEH courseware, is the authorized and legitimate process of identifying vulnerabilities, weaknesses, and misconfigurations in information systems. The primary objective is to strengthen security by discovering issues before malicious actors can exploit them. Ethical hackers follow strict legal guidelines, obtain written permission, and operate within a defined scope to ensure their activities contribute positively to the organization's security posture. Unlike malicious hacking, the intent is not to steal data, cause harm, or disrupt operations. Ethical hackers use the same tools, techniques, and methodologies that attackers use, but with the purpose of remediation and risk reduction. CEH emphasizes that ethical hacking supports defense-in-depth strategies by enabling organizations to harden their environments and proactively mitigate threats. Therefore, identifying and fixing vulnerabilities is the central mission of ethical hacking.

• Question 265:

  Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.

  What kind of attack is Susan carrying on?

  A. A sniffing attack
  B. A spoofing attack
  C. A man-in-the-middle attack
  D. A denial of service attack
  C. A man-in-the-middle attack

  ---

  Explanation

  In a man-in-the-middle (MITM) attack, an attacker intercepts communication between two parties and can read, alter, or inject data without either party knowing. Susan's actions - intercepting and modifying her boss's session data before relaying it to the server - is the classic MITM pattern.

  From CEH v13 Official Courseware:

  Module 8: Sniffing

  Module 11: Session Hijacking

  CEH v13 Study Guide states:

  "In a MITM attack, the attacker positions themselves between two communicating parties, relaying and possibly altering communications while maintaining the illusion that the parties are communicating directly."

  Incorrect Options:

  A: Sniffing only involves passive listening.

  B: Spoofing may involve impersonation but not necessarily interception and relay.

  D: DoS is about service disruption, not data interception.

  CEH v13 Study Guide - Module 8: MITM AttacksRFC 4949 - Internet Security Glossary

• Question 266:

  A penetration tester evaluates an industrial control system (ICS) that manages critical infrastructure. The tester discovers that the system uses weak default passwords for remote access. What is the most effective method to exploit this vulnerability?

  A. Perform a brute-force attack to guess the system's default passwords
  B. Execute a Cross-Site Request Forgery (CSRF) attack to manipulate system settings
  C. Conduct a denial-of-service (DoS) attack to disrupt the system temporarily
  D. Use the default passwords to gain unauthorized access to the ICS and control system operations
  D. Use the default passwords to gain unauthorized access to the ICS and control system operations

  ---

  Explanation

  Operational Technology and ICS environments often suffer from misconfigurations such as unchanged factory-default passwords. CEH identifies exploiting default credentials as a direct and effective method because ICS devices frequently lack strong authentication controls. Using these built-in credentials grants immediate unauthorized access to supervisory controls, enabling adversaries to manipulate configurations, disrupt processes, or escalate attacks across critical systems.

• Question 267:

  What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

  A. Residual risk
  B. Impact risk
  C. Deferred risk
  D. Inherent risk
  A. Residual risk

  ---

  Explanation

  https://en.wikipedia.org/wiki/Residual_risk

  The residual risk is the risk or danger of an action or an event, a method or a (technical) process that, although being abreast with science, still conceives these dangers, even if all theoretically possible safety measures would be applied (scientifically conceivable measures); in other words, the amount of risk left over after natural or inherent risks have been reduced by risk controls.

  Residual risk (Inherent risk) - (impact of risk controls)

• Question 268:

  Which results will be returned with the following Google search query?

  site:target.com -site:Marketing.target.com accounting

  A. Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.
  B. Results matching all words in the query.
  C. Results for matches on target.com and Marketing.target.com that include the word "accounting"
  D. Results matching "accounting" in domain target.com but not on the site Marketing.target.com
  D. Results matching "accounting" in domain target.com but not on the site Marketing.target.com

  ---

  Explanation

  This Google dork uses advanced operators:

  site:target.com - restricts results to pages within the target.com domain

  -site:Marketing.target.com - excludes results from the marketing.target.com subdomain

  accounting - the keyword to be matched

  So, it returns pages from target.com (excluding the marketing subdomain) that include the word "accounting".

  CEH v13 Official Study Guide:

  Module 2: Footprinting and Reconnaissance

  Quote:

  "Advanced search operators like site:, inurl:, intitle:, and the minus (-) operator help to include or exclude specific domains or pages when gathering public information via Google."

  Incorrect Options:

  A. Opposite logic - this excludes marketing.target.com

  B. Too general

  C. Incorrect because marketing.target.com is excluded

• Question 269:

  An ethical hacker is conducting a penetration test on a company's network with full knowledge and permission from the organization. What is this type of hacking called?

  A. Blue Hat Hacking
  B. Grey Hat Hacking
  C. Black Hat Hacking
  D. White Hat Hacking
  D. White Hat Hacking

  ---

  Explanation

  White-hat hackers perform security assessments with authorization. CEH defines ethical hacking as legal, structured testing of network defenses with the goal of improving security rather than causing harm.

• Question 270:

  A vulnerability has a score of 9.8. What does this rating help explain?

  A. It quantifies impact and exploitability to prioritize remediation
  B. It measures authentication errors
  C. It generates exploit payloads
  D. It classifies attacks qualitatively
  A. It quantifies impact and exploitability to prioritize remediation

  ---

  Explanation

  This refers to the CVSS (Common Vulnerability Scoring System) , which CEH v13 identifies as the industry standard for vulnerability prioritization. A score of 9.8 indicates critical severity , combining metrics such as exploitability, impact, privileges required, and scope.

  CVSS helps organizations prioritize remediation objectively , focusing resources on vulnerabilities with the highest business risk. It also allows consistent communication between technical and management teams.

  Options B, C, and D misrepresent CVSS functionality. Therefore, Option A is correct.