EC-COUNCIL 312-50V13 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V13 Online Questions & Answers

• Question 361:

  Which system consists of a publicly available set of databases that contain domain name registration contact information?

  A. WHOIS
  B. CAPTCHA
  C. IANA
  D. IETF
  A. WHOIS

  ---

  Explanation

  WHOIS is an Internet service that allows users to query domain name registries to retrieve information about registered domain names. It includes data such as:

  Registrant's name and contact information

  Domain creation and expiration dates

  Registrar details and name servers

  WHOIS is often used during the reconnaissance phase in penetration testing.

  CEH v13 Official Study Guide:

  Module 2: Footprinting and Reconnaissance

  Quote:

  "WHOIS databases provide public domain registration details including contact names, email addresses, and registrar information. This is useful for initial reconnaissance."

  Incorrect Options:

  B. CAPTCHA is used to distinguish human users from bots.

  C. IANA oversees global IP address allocation and DNS root zone management.

  D. IETF is responsible for internet standards, not registrant databases.

• Question 362:

  An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.

  What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

  A. Side-channel attack
  B. Denial-of-service attack
  C. HMI-based attack
  D. Buffer overflow attack
  A. Side-channel attack

  ---

  Explanation

  The described method is a classic example of a Side-Channel Attack, specifically a Timing Attack.

  Key characteristics:

  It exploits variations in response time from a system to infer sensitive information, such as the correct number of characters in a password.

  In this scenario, if a correct character causes a longer processing time, the attacker can deduce the correct sequence iteratively.

  According to CEH v13:

  Side-channel attacks do not directly break encryption but rely on observing system behavior like timing, power consumption, or electromagnetic leaks.

  These attacks are effective against poorly implemented authentication mechanisms or embedded systems like ICS/SCADA.

  Incorrect Options:

  B. Denial-of-service is aimed at making systems unavailable, not extracting credentials.

  C. HMI-based attacks involve manipulating the human-machine interface of ICS systems.

  D. Buffer overflow exploits memory handling flaws, not timing behavior.

  CEH v13 Official Courseware:

  Module 20: Cryptography

  Section: "Cryptanalysis and Side-Channel Attacks"

  Subsection: "Timing Attacks and Password Recovery"

• Question 363:

  You are the chief security officer at AlphaTech, a tech company that specializes in data storage solutions. Your company is developing a new cloud storage platform where users can store their personal files.

  To ensure data security, the development team is proposing to use symmetric encryption for data at rest. However, they are unsure of how to securely manage and distribute the symmetric keys to users.

  Which of the following strategies would you recommend to them?

  A. Use hash functions to distribute the keys.
  B. implement the Diffie-Hellman protocol for secure key exchange.
  C. Use HTTPS protocol for secure key transfer.
  D. Use digital signatures to encrypt the symmetric keys.
  C. Use HTTPS protocol for secure key transfer.

  ---

  Explanation

  Symmetric encryption is a method of encrypting and decrypting data using the same secret key. Symmetric encryption is fast and efficient, but it requires a secure way of managing and distributing the keys to the users who need them. If the keys are compromised, the data is no longer secure. One of the strategies to securely manage and distribute symmetric keys is to use HTTPS protocol for secure key transfer. HTTPS is a protocol that uses SSL/TLS to encrypt the communication between a client and a server over the Internet. HTTPS can protect the symmetric keys from being intercepted or modified by an attacker during the key transfer process. HTTPS can also authenticate the server and the client using certificates, ensuring that the keys are sent to and received by the intended parties.

  To use HTTPS protocol for secure key transfer, the development team needs to implement the following steps1:

  Generate a symmetric key for each user who wants to store their files on the cloud storage platform. The symmetric key will be used to encrypt and decrypt the user's files.

  Generate a certificate for the cloud storage server. The certificate will contain the server's public key and other information, such as the server's domain name, the issuer, and the validity period. The certificate will be signed by a trusted certificate authority (CA), which is a third-party entity that verifies the identity and legitimacy of the server.

  Install the certificate on the cloud storage server and configure the server to use HTTPS protocol for communication.

  When a user wants to upload or download their files, the user's client (such as a web browser or an app) will initiate a HTTPS connection with the cloud storage server. The client will verify the server's certificate and establish a secure session with the server using SSL/TLS. The client and the server will negotiate a session key, which is a temporary symmetric key that will be used to encrypt the data exchanged during the session.

  The cloud storage server will send the user's symmetric key to the user's client, encrypted with the session key. The user's client will decrypt the symmetric key with the session key and use it to encrypt or decrypt the user's files.

  The user's client will store the symmetric key securely on the user's device, such as in a password-protected file or a hardware token. The user's client will also delete the session key after the session is over.

  Using HTTPS protocol for secure key transfer can ensure that the symmetric keys are protected from eavesdropping, tampering, or spoofing attacks. However, this strategy also has some challenges and limitations, such as:

  The development team needs to obtain and maintain valid certificates for the cloud storage server from a trusted CA, which might incur costs and administrative overhead.

  The users need to trust the CA that issued the certificates for the cloud storage server and verify the certificates before accepting them.

  The users need to protect their symmetric keys from being lost, stolen, or corrupted on their devices. The development team needs to provide a mechanism for key backup, recovery, or revocation in case of such events.

  The users need to update their symmetric keys periodically to prevent key exhaustion or reuse attacks. The development team needs to provide a mechanism for key rotation or renewal in a secure and efficient manner.

  References:

  Key Management - OWASP Cheat Sheet Series

  Symmetric Cryptography and Key Management: Exhaustion, Rotation, Defence

  What is Key Management? How does Key Management work? | Encryption Consulting

• Question 364:

  During a security assessment of a metropolitan public transportation terminal, a penetration tester examines a network-connected IoT surveillance camera system used for 24/7 video monitoring. The camera uses outdated SSLv2 encryption to transmit video data. The tester intercepts and decrypts video streams due to the weak encryption and absence of authentication mechanisms. What IoT vulnerability is most likely being exploited in this scenario?

  A. Insecure data transfer and storage
  B. Jamming attack on RF communication
  C. Credential theft via web application
  D. Replay attack on wireless signals
  A. Insecure data transfer and storage

  ---

  Explanation

  CEH identifies insecure data transfer as a critical IoT weakness. Outdated encryption protocols such as SSLv2 fail to protect confidentiality or integrity. Without strong encryption and authentication, attackers can intercept, decrypt, and manipulate video feeds.

• Question 365:

  Malware remains dormant until triggered and changes its code with each infection. What malware type is responsible, and how should it be mitigated?

  A. Adware
  B. Polymorphic malware
  C. Worm
  D. Rootkit
  B. Polymorphic malware

  ---

  Explanation

  This scenario precisely matches polymorphic malware , a type of advanced malware described in CEH v13 Malware Threats . Polymorphic malware dynamically alters its code, encryption, or signature each time it propagates, allowing it to evade traditional signature-based antivirus detection.

  Additionally, the malware's ability to remain dormant until triggered indicates logic-based activation , which is common in advanced threats designed to avoid sandbox detection.

  CEH v13 emphasizes that polymorphic malware cannot be reliably detected using static signatures. Instead, organizations must rely on behavior-based detection , heuristic analysis, and advanced threat protection systems capable of identifying suspicious runtime behavior. Options A, C, and D do not match the described behavior. Adware focuses on advertising. Worms self- propagate aggressively. Rootkits focus on stealth and persistence, not code mutation.

• Question 366:

  Infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?

  A. Reconnaissance
  B. Maintaining access
  C. Scanning
  D. Gaining access
  D. Gaining access

  ---

  Explanation

  This phase having the hacker uses different techniques and tools to realize maximum data from the system.

  -Password cracking - Methods like Bruteforce, dictionary attack, rule-based attack, rainbow table are used. Bruteforce is trying all combinations of the password. Dictionary attack is trying an inventory of meaningful words until the password matches. Rainbow table takes the hash value of the password and compares with pre- computed hash values until a match is discovered. -Password attacks - Passive attacks like wire sniffing, replay attack. Active online attack like Trojans, keyloggers, hash injection, phishing. Offline attacks like pre-computed hash, distributed network and rainbow. Non electronic attack like shoulder surfing, social engineering and dumpster diving.

• Question 367:

  A security researcher reviewing an organization's website source code finds references to Amazon S3 file locations. What is the most effective way to identify additional publicly accessible S3 bucket URLs used by the target?

  A. Exploit XSS to force the page to reveal the S3 links
  B. Use Google advanced search operators to enumerate S3 bucket URLs
  C. Use SQL injection to extract internal file paths from the database
  D. Perform packet sniffing to intercept internal S3 bucket names
  B. Use Google advanced search operators to enumerate S3 bucket URLs

  ---

  Explanation

  OSINT-based reconnaissance includes using search engines to identify publicly exposed cloud assets. CEH highlights Google dorking as a passive method to reveal S3 buckets indexed in search engines through patterns such as site:s3.amazonaws.com or keyword-based queries.

• Question 368:

  A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed.

  Which security policy must the security analyst check to see if dial-out modems are allowed?

  A. Firewall-management policy
  B. Acceptable-use policy
  C. Permissive policy
  D. Remote-access policy
  D. Remote-access policy

  ---

  Explanation

  In CEH v13 Module 01: Information Security Controls, the Remote Access Policy is defined as the guideline that governs:

  Which remote access methods (VPNs, modems, RDP, etc.) are permitted.

  Requirements for authentication and encryption.

  Who is authorized to use them and under what conditions.

  In This Case:

  The use of a dial-out modem is considered a remote access method, especially if it bypasses the corporate firewall.

  The analyst needs to check whether such remote access is permitted, and under what security controls.

  Module 01 - Policies and Governance: Remote Access Policy

  CEH eBook: Policy Enforcement and Exception Auditing

• Question 369:

  A penetration tester evaluates a company's secure web application, which uses HTTPS, secure cookie flags, and strict session management to prevent session hijacking. To bypass these protections and hijack a legitimate user's session without detection, which advanced technique should the tester employ?

  A. Utilize a session fixation attack by forcing a known session ID during login
  B. Perform a Cross-Site Scripting (XSS) attack to steal the session token
  C. Exploit a timing side-channel vulnerability to predict session tokens
  D. Implement a Man-in-the-Middle (MitM) attack by compromising a trusted certificate authority
  D. Implement a Man-in-the-Middle (MitM) attack by compromising a trusted certificate authority

  ---

  Explanation

  CEH materials explain that modern web applications deploy multiple layers of security-HTTPS, secure cookies, HttpOnly flags, and strict session regeneration-to defend against standard hijacking methods such as token theft through XSS or fixation. When these protections are properly implemented, attackers must compromise the underlying trust relationship between the client and server to successfully intercept or manipulate session tokens. One of the most advanced techniques described in CEH is compromising a trusted certificate authority or injecting a forged certificate into the victim's trust store. This enables the attacker to perform a transparent MITM attack despite HTTPS protections. Because the victim's browser trusts the forged certificate, encrypted traffic-including session tokens-is exposed to the attacker without generating browser warnings or IDS alerts. Timing side-channel attacks are not considered session hijacking methods; XSS is mitigated by secure flags; and session fixation is ineffective when session regeneration occurs. Therefore, compromising a trusted certificate authority to enable an undetectable MITM attack is the most viable method.

• Question 370:

  Which regulation defines security and privacy controls for Federal information systems and organizations?

  A. HIPAA
  B. EU Safe Harbor
  C. PCI-DSS
  D. NIST-800-53
  D. NIST-800-53

  ---

  Explanation

  NIST Special Publication 800-53 provides a catalog of security and privacy controls for all U.S. federal information systems except those related to national security. It is published by the National Institute of Standards and Technology, which is a non-regulatory agency of the United States Department of Commerce. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Modernization Act of 2014 (FISMA) and to help with managing cost-effective programs to protect their information and information systems.