EC-COUNCIL 312-50V13 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V13 Online Questions & Answers

• Question 431:

  What is not a PCI compliance recommendation?

  A. Use a firewall between the public network and the payment card data.
  B. Use encryption to protect all transmission of card holder data over any public network.
  C. Rotate employees handling credit card transactions on a yearly basis to different departments.
  D. Limit access to card holder data to as few individuals as possible.
  C. Rotate employees handling credit card transactions on a yearly basis to different departments.

  ---

  Explanation

  https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security

  Build and Maintain a Secure Network

  1. Install and maintain a firewall configuration to protect cardholder data.

  2. Do not use vendor-supplied defaults for system passwords and other security parameters.

  Protect Cardholder Data

  3. Protect stored cardholder data.

  4. Encrypt transmission of cardholder data across open, public networks.

  Maintain a Vulnerability Management Program

  5. Use and regularly update anti-virus software or programs.

  6. Develop and maintain secure systems and applications.

  Implement Strong Access Control Measures

  7. Restrict access to cardholder data by business need-to-know.

  8. Assign a unique ID to each person with computer access.

  9. Restrict physical access to cardholder data.

  Regularly Monitor and Test Networks

  10. Track and monitor all access to network resources and cardholder data.

  11. Regularly test security systems and processes.

  Maintain an Information Security Policy

  12. Maintain a policy that addresses information security for employees and contractors.

• Question 432:

  Which of the following program infects the system boot sector and the executable files at the same time?

  A. Polymorphic virus
  B. Stealth virus
  C. Multipartite Virus
  D. Macro virus
  C. Multipartite Virus

  ---

  Explanation

  A Multipartite Virus is designed to infect both the boot sector and executable files of a system. This makes it more complex and harder to remove than viruses that target only one area. It can spread in multiple ways and activate under different conditions depending on whether the infected file or boot sector is accessed first.

  CEH v13 Official Curriculum states:

  "Multipartite viruses infect both the boot sector and program files. They are difficult to remove and can reinfect the system unless both locations are cleaned simultaneously."

  Incorrect Options:

  A. Polymorphic viruses change their code signatures but do not necessarily target both boot and executable areas.

  B. Stealth viruses conceal their presence, often by intercepting system calls.

  D. Macro viruses infect macro-enabled files, typically in Microsoft Office documents.

  Reference CEH v13 Guide:

  Module 06: Malware Threats

  Topic: Types of Malware - Multipartite Viruses

• Question 433:

  Bob, an attacker, has managed to access a target loT device. He employed an online tool to gather information related to the model of the loT device and the certifications granted to it. Which of the following tools did Bob employ to gather the above Information?

  A. search.com
  B. EarthExplorer
  C. Google image search
  D. FCC ID search
  D. FCC ID search

  ---

  Explanation

  Footprinting techniques are used to collect basic information about the target IoT and OT platforms to exploit them. Information collected through footprinting techniques ncludes IP address, hostname, ISP, device location, banner of the target IoT device, FCC ID information, certification granted to the device, etc. pg. 5052 ECHv11 manual

  https://en.wikipedia.org/wiki/FCC_mark

  An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission. For legal sale of wireless deices in the US, manufacturers must:

  1. Have the device evaluated by an independent lab to ensure it conforms to FCC standards 2. Provide documentation to the FCC of the lab results 3. Provide User Manuals, Documentation, and Photos relating to the device 4. Digitally or physically label the device with the unique identifier provided by the FCC (upon approved application)

  The FCC gets its authourity from Title 47 of the Code of Federal Regulations (47 CFR). FCC IDs are required for all wireless emitting devices sold in the USA. By searching an FCC ID, you can find details on the wireless operating frequency (including strength), photos of the device, user manuals for the device, and SAR reports on the wireless emissions

• Question 434:

  Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www. bank.com. the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before.

  When he examines the website URL closer, he finds that the site is not secure and the web address appears different.

  What type of attack he is experiencing?.

  A. Dos attack
  B. DHCP spoofing
  C. ARP cache poisoning
  D. DNS hijacking
  D. DNS hijacking

  ---

  Explanation

  Web Server Attacks - DNS Server Hijacking Attacker compromises the DNS server and changes the DNS settings so that all the requests coming towards the target web server are redirected to his/her own malicious server. (P.1623/1607)

• Question 435:

  Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the Integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT. POST. GET. and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?

  A. JSON-RPC
  B. SOAP API
  C. RESTful API
  D. REST API
  C. RESTful API

  ---

  Explanation

  *REST is not a specification, tool, or framework, but instead is an architectural style for web services that serves as a communication medium between various systems on the web. *RESTful APIs, which are also known as RESTful services, are designed using REST principles and HTTP communication protocols RESTful is a collection of resources that use HTTP methods such as PUT, POST, GET, and DELETE

  RESTful API: RESTful API is a RESTful service that is designed using REST principles and HTTP communication protocols. RESTful is a collection of resources that use HTTP methods such as PUT, POST, GET, and DELETE. RESTful API is also designed to make applications independent to improve the overall performance, visibility, scalability, reliability, and portability of an application. APIs with the following features can be referred to as to RESTful APIs: o Stateless: The client end stores the state of the session; the server is restricted to save data during the request processing o Cacheable: The client should save responses (representations) in the cache. This feature can enhance API performance pg. 1920 CEHv11 manual.

  https://cloud.google.com/files/apigee/apigee-web-api-design-the-missing-link-ebook.pdf

  The HTTP methods GET, POST, PUT or PATCH, and DELETE can be used with these templates to read, create, update, and delete description resources for dogs and their owners. This API style has become popular for many reasons. It is straightforward and intuitive, and learning this pattern is similar to learning a programming language API. APIs like this one are commonly called RESTful APIs, although they do not display all of the characteristics that define REST (more on REST later).

• Question 436:

  An ethical hacker needs to gather sensitive information about a company's internal network without engaging directly with the organization's systems to avoid detection. Which method should be employed to obtain this information discreetly?

  A. Analyze the organization's job postings for technical details
  B. Exploit a public vulnerability in the company's web server
  C. Perform a WHOIS lookup on the company's domain registrar
  D. Use port scanning tools to probe the company's firewall
  A. Analyze the organization's job postings for technical details

  ---

  Explanation

  CEH v13 stresses the importance of passive reconnaissance when the goal is to avoid any interaction with the target's systems. Job postings frequently reveal detailed information such as internal technologies, OS platforms, security tools, IDS brands, virtualization environments, scripting languages, and cloud services. CEH explicitly notes job ads as one of the richest passive intelligence sources because organizations inadvertently disclose their tech stack, often mentioning required experience with specific network components, databases, protocols, or internal tools. Options B and D involve direct interaction, violating the passive reconnaissance requirement. WHOIS lookups (Option C) provide DNS registrar information but do not reveal internal network details. Job postings, social media recruitment materials, and HR documentation are discussed in CEH as critical OSINT resources used during the footprinting phase to gather actionable intelligence while maintaining complete stealth. Thus, analyzing job postings is the correct method.

• Question 437:

  An IT company has just implemented new security controls to their network and system setup. As a Certified Ethical Hacker, your responsibility is to assess the possible vulnerabilities in the new setup. You are given the information that the network and system are adequately patched with the latest updates, and all employees have gone through recent cybersecurity awareness training. Considering the potential vulnerability sources, what is the best initial approach to vulnerability assessment?

  A. Checking for hardware and software misconfigurations to identify any possible loopholes
  B. Evaluating the network for inherent technology weaknesses prone to specific types of attacks
  C. Investigating if any ex-employees still have access to the company's system and data
  D. Conducting social engineering tests to check if employees can be tricked into revealing sensitive information
  A. Checking for hardware and software misconfigurations to identify any possible loopholes

  ---

  Explanation

  A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed1. A vulnerability assessment can be performed using various tools and techniques, depending on the scope and objectives of the assessment.

  Considering the potential vulnerability sources, the best initial approach to vulnerability assessment is to check for hardware and software misconfigurations to identify any possible loopholes. Hardware and software misconfigurations are common sources of vulnerabilities that can expose the system to unauthorized access, data breaches, or service disruptions. Hardware and software misconfigurations can include:

  Insecure default settings, such as weak passwords, open ports, unnecessary services, or verbose error messages.

  Improper access control policies, such as granting excessive privileges, allowing anonymous access, or failing to revoke access for terminated users.

  Lack of encryption or authentication mechanisms, such as using plain text protocols, storing sensitive data in clear text, or transmitting data without verifying the identity of the sender or receiver.

  Outdated or incompatible software versions, such as using unsupported or deprecated software, failing to apply security patches, or having software conflicts or dependencies.

  Checking for hardware and software misconfigurations can help identify any possible loopholes that could be exploited by attackers to compromise the system or the data. Checking for hardware and software misconfigurations can be done using various tools, such as:

  Configuration management tools, such as Ansible, Puppet, or Chef, that can automate the deployment and maintenance of consistent and secure configurations across the system.

  Configuration auditing tools, such as Nipper, Lynis, or OpenSCAP, that can scan the system for deviations from the desired or expected configurations and report any issues or vulnerabilities.

  Configuration testing tools, such as Inspec, Serverspec, or Testinfra, that can verify the system's compliance with the specified configuration rules and standards.

  Therefore, checking for hardware and software misconfigurations is the best initial approach to vulnerability assessment, as it can help identify and eliminate any possible loopholes that could pose a security risk to the system or the data.

  References:

  Vulnerability Assessment Principles | Tenable?

  Configuration Management Tools: A Complete Guide - Guru99

  Top 10 Configuration Auditing Tools - Infosec Resources

  [Configuration Testing Tools: A Complete Guide - Guru99]

• Question 438:

  A financial institution's online banking platform is experiencing intermittent downtime caused by a sophisticated DDoS attack that combines SYN floods and HTTP GET floods from a distributed botnet. Standard firewalls and load balancers cannot mitigate the attack without affecting legitimate users. To protect their infrastructure and maintain service availability, which advanced mitigation strategy should the institution implement?

  A. Configure firewalls to block all incoming SYN and HTTP requests from external IPs
  B. Increase server bandwidth and apply basic rate limiting on incoming traffic
  C. Deploy an Intrusion Prevention System (IPS) with deep packet inspection capabilities
  D. Utilize a cloud-based DDoS protection service that offers multi-layer traffic scrubbing and auto-scaling
  D. Utilize a cloud-based DDoS protection service that offers multi-layer traffic scrubbing and auto-scaling

  ---

  Explanation

  Comprehensive Explanation from CEH v13 Courseware:

  CEH v13 underscores that modern multi-vector DDoS attacks-particularly SYN floods combined with Layer 7 HTTP floods-cannot be effectively mitigated by traditional firewalls, IPS devices, or local traffic filters. These systems become overwhelmed or risk blocking legitimate clients. CEH emphasizes the use of cloud- based DDoS mitigation platforms that provide traffic scrubbing , distributed filtering, rate shaping, and automatic scaling to absorb massive volumes of malicious traffic. Such services differentiate legitimate versus malicious traffic using global intelligence, behavioral analysis, and multi-layer protection strategies. Increasing bandwidth or blocking broad traffic categories is ineffective and harmful to users. An IPS cannot scale to handle volumetric attacks. Only cloud scrubbing solutions (e.g., Cloudflare, Akamai, AWS Shield Advanced) meet CEH's recommended defenses for high-volume distributed attacks. These services ensure continuous availability and minimize collateral damage by filtering traffic upstream before it reaches the organization's infrastructure.

• Question 439:

  Which advanced mobile hacking technique is the hardest to detect and mitigate in a healthcare environment?

  A. Zero-day mobile exploits
  B. App spoofing
  C. Bluejacking
  D. Side-channel attacks
  A. Zero-day mobile exploits

  ---

  Explanation

  Zero-day exploits are considered the most dangerous mobile attack vector in CEH v13 Mobile Platform Hacking . These exploits abuse previously unknown vulnerabilities, meaning no patches, signatures, or defenses exist at the time of attack.

  In healthcare environments, mobile devices access sensitive EHR systems and operate under strict compliance requirements. Zero-day exploits can bypass mobile OS security, sandboxing, and antivirus controls entirely. App spoofing and Bluejacking are easier to detect and mitigate through user awareness and Bluetooth controls. Side-channel attacks are highly specialized and rare in enterprise mobile environments.

  CEH v13 stresses that zero-day attacks pose the greatest risk due to lack of detection mechanisms , making Option A correct.

• Question 440:

  A penetration tester is testing a web application's product search feature, which takes user input and queries the database. The tester suspects inadequate input sanitization. What is the best approach to confirm the presence of SQL injection?

  A. Inject a script to test for Cross-Site Scripting (XSS)
  B. Input DROP TABLE products; -- to see if the table is deleted
  C. Enter 1' OR '1'='1 to check if all products are returned
  D. Use directory traversal syntax to access restricted files on the server
  C. Enter 1' OR '1'='1 to check if all products are returned

  ---

  Explanation

  Tautology-based SQL injection tests, such as using ' OR '1'='1, are safe and effective methods to verify whether SQL queries are being manipulated by user input. CEH emphasizes avoiding destructive queries and using logical expressions that return all rows if injection is successful.