EC-COUNCIL 312-50V13 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V13 Online Questions & Answers

• Question 461:

  John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the IoT devices connected in the target network that are using default credentials and are vulnerable to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for specific types of IoT devices and detect whether they are using the default, factory-set credentials.

  What is the tool employed by John in the above scenario?

  A. IoTSeeker
  B. IoT Inspector
  C. ATandT IoT Platform
  D. Azure IoT Central
  A. IoTSeeker

  ---

  Explanation

  IoTSeeker is a specialized tool used to identify Internet of Things (IoT) devices that are accessible over a network and are still configured with their default factory credentials. These devices often ship with insecure settings, which attackers can exploit.

  From CEH v13 Official Courseware:

  IoTSeeker:

  Automatically scans for common IoT devices

  Uses a database of known default usernames and passwords

  Flags insecure devices for further investigation or exploitation

  The tool is commonly used in the reconnaissance phase for identifying low-hanging vulnerabilities in IoT environments.

  Incorrect options:

  B. IoT Inspector monitors network traffic for smart devices but is more focused on behavior monitoring than credential scanning.

  C. ATandT IoT Platform and

  D. Azure IoT Central are legitimate enterprise platforms for IoT device management and are not penetration testing tools.

  Reference -CEH v13 Official Courseware:

  Module 18: IoT and OT Hacking

  Section: "IoT Attack Surface"

  Tool Reference: "IoTSeeker"

  Practical Lab: CEH Engage IoT Device Discovery

• Question 462:

  What is the common name for a vulnerability disclosure program opened by companies In platforms such as HackerOne?

  A. Vulnerability hunting program
  B. Bug bounty program
  C. White-hat hacking program
  D. Ethical hacking program
  B. Bug bounty program

  ---

  Explanation

  Bug bounty programs allow independent security researchers to report bugs to an companies and receive rewards or compensation. These bugs area unit sometimes security exploits and vulnerabilities, although they will additionally embody method problems, hardware flaws, and so on.

  The reports area unit usually created through a program travel by associate degree freelance third party (like Bugcrowd or HackerOne). The companies can got wind of (and run) a program curated to the organization's wants.

  Programs is also non-public (invite-only) wherever reports area unit unbroken confidential to the organization or public (where anyone will sign in and join). they will happen over a collection timeframe or with without stopping date (though the second possibility is a lot of common).

  Who uses bug bounty programs?

  Many major organizations use bug bounties as an area of their security program, together with AOL, Android, Apple, Digital Ocean, and goldman Sachs. you'll read an inventory of all the programs offered by major bug bounty suppliers, Bugcrowd and HackerOne, at these links.

  Why do corporations use bug bounty programs?

  Bug bounty programs provide corporations the flexibility to harness an outsized cluster of hackers so as to seek out bugs in their code.

  This gives them access to a bigger variety of hackers or testers than they'd be able to access on a one-on-one basis. It {can also|also will|can even|may also|may} increase the probabilities that bugs area unit found and reported to them before malicious hackers can exploit them.

  It may also be an honest publicity alternative for a firm. As bug bounties became a lot of common, having a bug bounty program will signal to the general public and even regulators that a corporation incorporates a mature security program.

  This trend is likely to continue, as some have began to see bug bounty programs as an business normal that all companies ought to invest in.

  Why do researchers and hackers participate in bug bounty programs?

  Finding and news bugs via a bug bounty program may end up in each money bonuses and recognition. In some cases, it will be a good thanks to show real-world expertise once you are looking for employment, or will even facilitate introduce you to parents on the protection team within an companies.

  This can be full time income for a few of us, income to supplement employment, or the way to point out off your skills and find a full time job.

  It may also be fun! it is a nice (legal) probability to check out your skills against huge companies and government agencies.

  What area unit the disadvantages of a bug bounty program for independent researchers and hackers?

  A lot of hackers participate in these varieties of programs, and it will be tough to form a major quantity of cash on the platform.

  In order to say the reward, the hacker has to be the primary person to submit the bug to the program. meaning that in apply, you may pay weeks searching for a bug to use, solely to be the person to report it and build no cash.

  Roughly ninety seven of participants on major bug bounty platforms haven't sold-out a bug.

  In fact, a 2019 report from HackerOne confirmed that out of quite three hundred,000 registered users, solely around two.5% received a bounty in their time on the platform.

  Essentially, most hackers are not creating a lot of cash on these platforms, and really few square measure creating enough to switch a full time wage (plus they do not have advantages like vacation days, insurance, and retirement planning).

  What square measure the disadvantages of bug bounty programs for organizations?

  These programs square measure solely helpful if the program ends up in the companies realizeing issues that they weren't able to find themselves (and if they'll fix those problems)!

  If the companies is not mature enough to be able to quickly rectify known problems, a bug bounty program is not the right alternative for his or her companies.

  Also, any bug bounty program is probably going to draw in an outsized range of submissions, several of which can not be high-quality submissions. a corporation must be ready to cope with the exaggerated volume of alerts, and also the risk of a coffee signal to noise magnitude relation (essentially that it's probably that they're going to receive quite few unhelpful reports for each useful report).

  Additionally, if the program does not attract enough participants (or participants with the incorrect talent set, and so participants are not able to establish any bugs), the program is not useful for the companies.

  The overwhelming majority of bug bounty participants consider web site vulnerabilities (72%, per HackerOn), whereas solely a number of (3.5%) value more highly to seek for package vulnerabilities.

  This is probably because of the actual fact that hacking in operation systems (like network hardware and memory) needs a big quantity of extremely specialised experience. this implies that firms may even see vital come on investment for bug bounties on websites, and not for alternative applications, notably those that need specialised experience.

  This conjointly implies that organizations which require to look at AN application or web site among a selected time-frame may not need to rely on a bug bounty as there is no guarantee of once or if they receive reports.

  Finally, it are often probably risky to permit freelance researchers to try to penetrate your network. this could end in public speech act of bugs, inflicting name harm within the limelight (which could end in individuals not eager to purchase the organizations' product or service), or speech act of bugs to additional malicious third parties, United Nations agency may use this data to focus on the organization.

• Question 463:

  Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient's consent, similar to email spamming?

  A. Bluesmacking
  B. BlueSniffing
  C. Bluejacking
  D. Bluesnarfing
  C. Bluejacking

  ---

  Explanation

  https://en.wikipedia.org/wiki/Bluejacking

  Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol.

  Bluejacking is usually harmless, but because bluejacked people generally don't know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames.

  Bluejacking is also confused with Bluesnarfing, which is the way in which mobile phones are illegally hacked via Bluetooth.

• Question 464:

  _________ is a type of phishing that targets high-profile executives such as CEOs, CFOs, politicians, and celebrities who have access to confidential and highly valuable information.

  A. Spear phishing
  B. Whaling
  C. Vishing
  D. Phishing
  B. Whaling

  ---

  Explanation

  According to CEH v13 Module 09: Social Engineering, Whaling is a specific type of phishing attack that targets senior executives and high-value individuals.

  It's called "whaling" because these individuals are the "big fish."

  Attacks are highly targeted and customized, often using knowledge of the executive's company, responsibilities, or communication style.

  The goal is to gain access to sensitive systems, financial assets, or confidential data.

  Option Breakdown:

  A. Spear phishing: Targeted phishing but not necessarily aimed at high-profile executives.

  B. Whaling: Correct - phishing directed at C-level or VIP targets.

  C. Vishing: Voice phishing - conducted over telephone/VoIP.

  D. Phishing: General term - broader category.

  Module 09 - Social Engineering Techniques: Whaling vs. Phishing

  CEH Engage Labs: Simulated Whaling and Spear Phishing Attacks

• Question 465:

  A penetration tester suspects that a web application's login form is vulnerable to SQL injection due to improper sanitization of user input. What is the most appropriate approach to test for SQL injection in the login form?

  A. Inject JavaScript into the input fields to test for Cross-Site Scripting (XSS)
  B. Enter ' OR '1''1 in the username and password fields to bypass authentication
  C. Perform a directory traversal attack to access sensitive files
  D. Use a brute-force attack on the login page to guess valid credentials
  B. Enter ' OR '1''1 in the username and password fields to bypass authentication

  ---

  Explanation

  CEH v13 explains that SQL injection typically occurs when user inputs are concatenated into SQL queries without proper validation or parameterization. The login form is one of the most common injection targets, and testers use specific test payloads designed to manipulate the authentication query. A classic test string such as ' OR '1''1 exploits conditional logic to force the SQL statement to evaluate as true, effectively bypassing authentication if the application is vulnerable. CEH notes that this technique is a standard initial test because it is low-risk, easily detectable if vulnerable, and directly confirms improper sanitization. JavaScript injection (Option A) tests for XSS, not SQLi. Directory traversal (Option C) targets file path vulnerabilities rather than SQL queries. Brute-force attacks (Option D) rely on guessing credentials and do not test input sanitization. Therefore, using a logical SQL injection payload is the most appropriate and CEH- aligned method.

• Question 466:

  Working as an Information Security Analyst at a technology firm, you are designing training material for employees about the dangers of session hijacking . As part of the training, you want to explain how attackers could use sidejacking to compromise user accounts. Which of the following scenarios most accurately describes a sidejacking attack -

  A. An attacker exploits a vulnerability in the company's network firewall to gain unauthorized access to internal systems.
  B. An attacker intercepts network traffic, captures unencrypted session cookies, and uses them to impersonate the user.
  C. An attacker uses social engineering techniques to trick an employee into revealing their password.
  D. An attacker convinces an employee to visit a malicious website that injects a harmful script into their browser.
  B. An attacker intercepts network traffic, captures unencrypted session cookies, and uses them to impersonate the user.

  ---

  Explanation

  According to the Certified Ethical Hacker (CEH) System Hacking and Session Hijacking module, sidejacking is a form of session hijacking where an attacker passively intercepts network traffic to capture unencrypted session cookies . These cookies are then reused to impersonate the authenticated user without needing credentials.

  CEH documentation explains that sidejacking commonly occurs on unencrypted HTTP connections , public Wi-Fi networks, or improperly secured internal networks. Once the session cookie is stolen, the attacker can replay it to gain access to the victim's active session.

  Option B correctly describes this mechanism and directly matches CEH's definition of sidejacking.

  Option A refers to perimeter exploitation, not session hijacking.

  Option C describes social engineering, which is unrelated to sidejacking. Option D is an example of cross-site scripting (XSS), not sidejacking.

  CEH emphasizes HTTPS enforcement and secure cookie attributes as key countermeasures.

• Question 467:

  A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.

  What is the best security policy concerning this setup?

  A. Network elements must be hardened with user IDs and strong passwords. Regular security tests and audits should be performed.
  B. As long as the physical access to the network elements is restricted, there is no need for additional measures.
  C. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.
  D. The operator knows that attacks and downtime are inevitable and should have a backup site.
  A. Network elements must be hardened with user IDs and strong passwords. Regular security tests and audits should be performed.

  ---

  Explanation

  While perimeter defenses like firewalls and IPS provide a layer of protection, internal systems (such as network elements) must also be hardened. This includes:

  Enforcing strong authentication

  Applying regular patches and updates

  Conducting vulnerability assessments and security audits

  Security should be layered (defense in depth), and reliance on perimeter defense alone is insufficient.

  CEH v13 Official Study Guide:

  Module 3: Scanning Networks / Module 18: Incident Response

  Quote:

  "Internal systems must be hardened with secure configurations and tested regularly. A layered security approach is required even in protected environments." Incorrect Options:

  B and C. Relying only on perimeter or physical security is not sufficient

  D. While backup sites are part of DR, they don't replace proactive protection

• Question 468:

  Alex, a cloud security engineer working in Eyecloud Inc. is tasked with isolating applications from the underlying infrastructure and stimulating communication via well-defined channels. For this purpose, he used an open-source technology that helped him in developing, packaging, and running applications; further, the technology provides PaaS through OS-level visualization, delivers containerized software packages, and promotes fast software delivery. What is the cloud technology employed by Alex in the above scenario?

  A. Virtual machine
  B. Serverless computing
  C. Docker
  D. Zero trust network
  C. Docker

  ---

  Explanation

  The description in the scenario clearly points to Docker. Docker is an open-source platform that automates the deployment, scaling, and management of applications inside containers. It allows:

  Isolation of applications from the underlying system

  Communication through well-defined APIs and networking interfaces

  Rapid packaging and shipping of applications in a containerized format

  Docker uses OS-level virtualization and is ideal for Platform-as-a-Service (PaaS) environments.

  Incorrect Options:

  A. Virtual machines virtualize entire operating systems and are heavier in resource use.

  B. Serverless computing abstracts the infrastructure entirely but is not about containerization.

  D. Zero Trust is a security architecture, not a development or packaging platform.

  CEH v13 Official Courseware:

  Module 19: Cloud Computing

  Section: "Containerization and Docker"

  Subsection: "Security Benefits of Containers"

• Question 469:

  Using nbtstat -A , NetBIOS names including <20> and <03> are retrieved, but shared folders cannot be listed. Why?

  A. File and printer sharing is disabled
  B. NetBIOS runs on a non-standard port
  C. nbtstat cannot enumerate shared folders
  D. The host is not in an AD domain
  C. nbtstat cannot enumerate shared folders

  ---

  Explanation

  CEH v13 clarifies that nbtstat is used only for NetBIOS name table enumeration , not for listing shared resources. Tags such as <20> indicate file server services, but share enumeration requires tools like net view or SMB enumeration utilities.

  Thus, the inability to list shares is due to tool limitation , not service configuration. Option C is correct.

• Question 470:

  You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

  A. Nmap
  B. Cain and Abel
  C. Nessus
  D. Snort
  D. Snort

  ---

  Explanation

  Snort is an open-source Network Intrusion Detection and Prevention System (NIDS/NIPS) capable of real- time traffic analysis and packet logging. It functions as a sniffer and can detect various forms of attacks using signature-based rules.

  CEH v13 Reference:

  Module 10: Evading IDS, Firewalls, and Honeypots

  "Snort can operate as a sniffer, logger, or full NIDS capable of real-time traffic analysis."