EC-COUNCIL 312-50V13 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V13 Online Questions & Answers

• Question 531:

  What is the following command used for?

  sqlmap.py -u " http://10.10.1.20/?p=1 andforumaction=search" -dbs

  A. Creating backdoors using SQL injection
  B. Enumerating the databases in the DBMS for the URL
  C. Retrieving SQL statements being executed on the database
  D. Searching database statements at the IP address given
  B. Enumerating the databases in the DBMS for the URL

  ---

  Explanation

  The command uses sqlmap, a powerful SQL injection and database penetration testing tool. The flag -u specifies the target URL, and -dbs instructs sqlmap to enumerate the available databases on the DBMS behind that URL.

  Command Breakdown:

  -u: Target URL with injectable parameters

  -dbs: Retrieve and enumerate all available database names

  This is a common first step in identifying vulnerable DBMS structures after confirming SQL injection.

  Incorrect Options:

  A. Backdoor creation is not the default function of sqlmap.

  C. Retrieving SQL statements would require additional options like --trace or --sql-query.

  D. Option D is not technically accurate-sqlmap is used for injection and enumeration, not searching statements.

  CEH v13 Official Courseware:

  Module 14: Hacking Web Applications

  Section: "SQL Injection Tools and Automation"

  Tool Reference: sqlmap usage and options

• Question 532:

  You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. Passwords must be at least 8 characters and use 3 of the 4 categories (lowercase, uppercase, numbers, special characters). With your knowledge of likely user habits, what would be the fastest type of password cracking attack to run against these hash values?

  A. Online Attack
  B. Dictionary Attack
  C. Brute Force Attack
  D. Hybrid Attack
  D. Hybrid Attack

  ---

  Explanation

  A hybrid attack combines a dictionary and brute-force approach. Given that:

  Passwords are required to be complex

  Users still often choose predictable variations (e.g., Password123!, Welcome@2024)

  A hybrid attack is best suited because it applies common mutations to known words-much faster than full brute force and more effective than a plain dictionary attack.

  From CEH v13 Courseware:

  Module 6: Password Cracking # Attack Techniques

  CEH v13 Study Guide states:

  "Hybrid attacks combine the speed of dictionary attacks with some of the thoroughness of brute-force. It's ideal when users use complex but predictable passwords."

  Incorrect Options:

  A: Online attacks are slow and may trigger account lockouts.

  B: Plain dictionary attacks won't cover variations like "P@ssw0rd!"

  C: Brute-force would be too slow for complex passwords.

  CEH v13 Study Guide - Module 6: Password Attack StrategiesOWASP Password Cracking Cheat Sheet

• Question 533:

  Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?

  A. Red hat
  B. white hat
  C. Black hat
  D. Gray hat
  B. white hat

  ---

  Explanation

  A white hat (or a white hat hacker) is an ethical computer hacker, or a computer security expert, who focuses on penetration testing and in other testing methodologies that ensures the safety of an organization's information systems. Ethical hacking may be a term meant to imply a broader category than simply penetration testing. Contrasted with black hat, a malicious hacker, the name comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat respectively. While a white hat hacker hacks under good intentions with permission, and a black hat hacker, most frequently unauthorized, has malicious intent, there's a 3rd kind referred to as a gray hat hacker who hacks with good intentions but sometimes without permission.

  White hat hackers can also add teams called "sneakers and/or hacker clubs",red teams, or tiger teams.

  While penetration testing concentrates on attacking software and computer systems from the beginning - scanning ports, examining known defects in protocols and applications running on the system and patch installations, as an example - ethical hacking may include other things. A full-blown ethical hack might include emailing staff to invite password details, searching through executive's dustbins and typically breaking and entering, without the knowledge and consent of the targets. Only the owners, CEOs and Board Members (stake holders) who asked for such a censoring of this magnitude are aware. to undertake to duplicate a number of the destructive techniques a true attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late in the dark while systems are less critical. In most up-to-date cases these hacks perpetuate for the long-term con (days, if not weeks, of long-term human infiltration into an organization). Some examples include leaving USB/flash key drives with hidden auto-start software during a public area as if someone lost the tiny drive and an unsuspecting employee found it and took it.

  Some other methods of completing these include:

  DoS attacks Social engineering tactics Reverse engineering Network security Disk and memory forensics Vulnerability research Security scanners such as:

  W3af Nessus Burp suite Frameworks such as:

  Metasploit Training Platforms

  These methods identify and exploit known security vulnerabilities and plan to evade security to realize entry into secured areas. they're ready to do that by hiding software and system `back-doors' which will be used as a link to information or access that a non-ethical hacker, also referred to as `black-hat' or `grey-hat', might want to succeed in .

• Question 534:

  The "Gray-box testing" methodology enforces what kind of restriction?

  A. Only the external operation of a system is accessible to the tester.
  B. The internal operation of a system in only partly accessible to the tester.
  C. Only the internal operation of a system is known to the tester.
  D. The internal operation of a system is completely known to the tester.
  D. The internal operation of a system is completely known to the tester.

  ---

  Explanation

  White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of software testing that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing). In white-box testing, an internal perspective of the system, as well as programming skills, are used to design test cases. The tester chooses inputs to exercise paths through the code and determine the expected outputs. This is analogous to testing nodes in a circuit, e.g. in-circuit testing (ICT). White-box testing can be applied at the unit, integration and system levels of the software testing process. Although traditional testers tended to think of white-box testing as being done at the unit level, it is used for integration and system testing more frequently today. It can test paths within a unit, paths between units during integration, and between subsystems during a system-level test. Though this method of test design can uncover many errors or problems, it has the potential to miss unimplemented parts of the specification or missing requirements. Where white-box testing is design-driven,[1] that is, driven exclusively by agreed specifications of how each component of the software is required to behave (as in DO-178C and ISO 26262 processes) then white-box test techniques can accomplish assessment for unimplemented or missing requirements.

  White-box test design techniques include the following code coverage criteria:

  Control flow testing Data flow testing Branch testing Statement coverage Decision coverage Modified condition/decision coverage Prime path testing Path testing

• Question 535:

  A cybersecurity company wants to prevent attackers from gaining information about its encrypted traffic patterns . Which of the following cryptographic algorithms should they utilize?

  A. HMAC
  B. RSA
  C. DES
  D. AES
  D. AES

  ---

  Explanation

  According to the CEH Cryptography module, strong symmetric encryption algorithms are essential for protecting data confidentiality and obscuring traffic content.

  AES (Advanced Encryption Standard) is the industry-standard symmetric encryption algorithm approved by NIST and recommended by CEH for encrypting data in transit and at rest. AES provides strong resistance against cryptanalysis and prevents attackers from deriving meaningful information from encrypted traffic.

  Option D is correct because AES is efficient, secure, and widely implemented.

  Option A (HMAC) provides integrity and authentication, not encryption.

  Option B (RSA) is computationally expensive and not suitable for bulk traffic encryption.

  Option C (DES) is deprecated due to weak key length.

  CEH materials clearly recommend AES over legacy algorithms.

• Question 536:

  As a cybersecurity consultant for SafePath Corp, you have been tasked with implementing a system for secure email communication. The key requirement is to ensure both confidentiality and non-repudiation. While considering various encryption methods, you are inclined towards using a combination of symmetric and asymmetric cryptography. However, you are unsure which cryptographic technique would best serve the purpose. Which of the following options would you choose to meet these requirements?

  A. Use symmetric encryption with the AES algorithm.
  B. Use the Diffie-Hellman protocol for key exchange and encryption.
  C. Apply asymmetric encryption with RSA and use the public key for encryption.
  D. Apply asymmetric encryption with RSA and use the private key for signing.
  D. Apply asymmetric encryption with RSA and use the private key for signing.

  ---

  Explanation

  To ensure both confidentiality and non-repudiation for secure email communication, you need to use a combination of symmetric and asymmetric cryptography. Symmetric encryption is a method of encrypting and decrypting data using the same secret key, which is faster and more efficient than asymmetric encryption. Asymmetric encryption is a method of encrypting and decrypting data using a pair of keys: a public key and a private key, which are mathematically related but not identical. Asymmetric encryption can provide authentication, integrity, and non-repudiation, as well as key distribution.

  The cryptographic technique that would best serve the purpose is to apply asymmetric encryption with RSA and use the private key for signing. RSA is a widely used algorithm for asymmetric encryption, which is based on the difficulty of factoring large numbers. RSA can be used to encrypt data, as well as to generate digital signatures, which are a way of proving the identity and authenticity of the sender and the integrity of the message.

  The steps to implement this technique are as follows1:

  Generate a pair of keys for each user: a public key and a private key. The public key can be shared with anyone, while the private key must be kept secret and protected by the user.

  When a user wants to send an email to another user, they first encrypt the email content with a symmetric key, such as AES, which is a strong and efficient algorithm for symmetric encryption. The symmetric key is then encrypted with the recipient's public key, using RSA. The encrypted email and the encrypted symmetric key are then sent to the recipient.

  The sender also generates a digital signature for the email, using their private key and a hash function, such as SHA-256, which is a secure and widely used algorithm for generating hashes. A hash function is a mathematical function that takes any input and produces a fixed-length output, called a hash or a digest, that uniquely represents the input. A digital signature is a hash of the email that is encrypted with the sender's private key, using RSA. The digital signature is then attached to the email and sent to the recipient.

  When the recipient receives the email, they first decrypt the symmetric key with their private key, using RSA. They then use the symmetric key to decrypt the email content, using AES. They also verify the digital signature by decrypting it with the sender's public key, using RSA, and comparing the resulting hash with the hash of the email, using the same hash function. If the hashes match, it means that the email is authentic and has not been tampered with.

  Using this technique, the email communication is secure because:

  The confidentiality of the email content is ensured by the symmetric encryption with AES, which is hard to break without knowing the symmetric key.

  The symmetric key is also protected by the asymmetric encryption with RSA, which is hard to break without knowing the recipient's private key.

  The non-repudiation of the email is ensured by the digital signature with RSA, which is hard to forge without knowing the sender's private key.

  The digital signature also provides authentication and integrity of the email, as it proves that the email was sent by the sender and has not been altered in transit.

  References:

  How to Encrypt Email (Gmail, Outlook, iOS, Yahoo, Android, AOL)

• Question 537:

  Abnormal DNS resolution behavior is detected on an internal network. Users are redirected to altered login pages. DNS replies come from an unauthorized internal IP and are faster than legitimate responses. ARP spoofing alerts are also detected. What sniffing-based attack is most likely occurring?

  A. Internet DNS spoofing
  B. Intranet DNS poisoning via local spoofed responses
  C. Proxy-based DNS redirection
  D. Upstream DNS cache poisoning
  B. Intranet DNS poisoning via local spoofed responses

  ---

  Explanation

  This is a textbook case of Intranet DNS Poisoning , often combined with ARP spoofing , as described in CEH v13 Network Sniffing and MITM Attacks . The attacker positions themselves inside the local network, intercepts DNS requests, and responds faster than the legitimate DNS server.

  ARP spoofing enables the attacker to perform a Man-in-the-Middle attack, allowing sniffing and modification of DNS traffic. CEH v13 notes that faster rogue responses are a strong indicator of local DNS poisoning.

• Question 538:

  You are the lead cybersecurity analyst at a multinational corporation that uses a hybrid encryption system to secure inter-departmental communications. The system uses RSA encryption for key exchange and AES for data encryption, taking advantage of the strengths of both asymmetric and symmetric encryption. Each RSA key pair has a size of 'n' bits, with larger keys providing more security at the cost of slower performance. The time complexity of generating an RSA key pair is O(n*2), and AES encryption has a time complexity of O(n). An attacker has developed a quantum algorithm with time complexity O((log n)*2) to crack RSA encryption. Given *n4000' and variable `AES key size', which scenario is likely to provide the best balance of security and performance?

  A. AES key size128 bits: This configuration provides less security than option A, but RSA key generation and AES encryption will be faster.
  B. AES key size256 bits: This configuration provides a high level of security, but RSA key generation may be slow.
  C. AES key size192 bits: This configuration is a balance between options A and B, providing moderate security and performance.
  D. AES key size512 bits: This configuration provides the highest level of security but at a significant performance cost due to the large AES key size.
  A. AES key size128 bits: This configuration provides less security than option A, but RSA key generation and AES encryption will be faster.

  ---

  Explanation

  A hybrid encryption system is a system that combines the advantages of both asymmetric and symmetric encryption algorithms. Asymmetric encryption, such as RSA, uses a pair of keys: a public key and a private key, which are mathematically related but not identical. Asymmetric encryption can provide key exchange, authentication, and non-repudiation, but it is slower and less efficient than symmetric encryption. Symmetric encryption, such as AES, uses a single key to encrypt and decrypt data.

  Symmetric encryption is faster and more efficient than asymmetric encryption, but it requires a secure way to share the key.

  In a hybrid encryption system, RSA encryption is used for key exchange, and AES encryption is used for data encryption. This way, the system can benefit from the security of RSA and the speed of AES. However, the system also depends on the key sizes of both algorithms, which affect the security and performance of the system.

  The key size of RSA encryption determines the number of bits in the public and private keys. The larger the key size, the more secure the encryption, but also the slower the key generation and encryption/decryption processes. The time complexity of generating an RSA key pair is O(n*2), where n is the key size in bits. This means that the time required to generate an RSA key pair increases quadratically with the key size. For example, if it takes 1 second to generate a 1024-bit RSA key pair, it will take 4 seconds to generate a 2048-bit RSA key pair, and 16 seconds to generate a 4096-bit RSA key pair.

  The key size of AES encryption determines the number of bits in the symmetric key. The larger the key size, the more secure the encryption, but also the more rounds of encryption/decryption are needed. The time complexity of AES encryption is O(n), where n is the key size in bits. This means that the time required to encrypt/decrypt data increases linearly with the key size. For example, if it takes 1 second to encrypt/decrypt data with a 128-bit AES key, it will take 2 seconds to encrypt/decrypt data with a 256-bit AES key, and 4 seconds to encrypt/decrypt data with a 512-bit AES key.

  An attacker has developed a quantum algorithm with time complexity O((log n)*2) to crack RSA encryption. This means that the time required to break RSA encryption decreases exponentially with the key size. For example, if it takes 1 second to break a 1024-bit RSA encryption, it will take 0.25 seconds to break a 2048-bit RSA encryption, and 0.0625 seconds to break a 4096-bit RSA encryption. This makes RSA encryption vulnerable to quantum attacks, unless the key size is very large.

  Given n4000 and variable AES key size, the scenario that is likely to provide the best balance of security and performance is C. AES key size192 bits. This configuration is a compromise between options A and B, providing moderate security and performance. Option A, AES key size128 bits, provides less security than option C, but RSA key generation and AES encryption will be faster. Option B, AES key size256 bits, provides more security than option C, but RSA key generation may be slow. Option D, AES key size512 bits, provides the highest level of security, but at a significant performance cost due to the large AES key size.

  References:

  Hybrid cryptosystem - Wikipedia RSA (cryptosystem) - Wikipedia Advanced Encryption Standard - Wikipedia Quantum computing and cryptography - Wikipedia

• Question 539:

  Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user.

  What is the enumeration technique used by Henry on the organization?

  A. DNS zone walking
  B. DNS cache snooping
  C. DNSSEC zone walking
  D. DNS cache poisoning
  B. DNS cache snooping

  ---

  Explanation

  DNS cache snooping is an enumeration technique where the attacker queries a DNS server to check whether a specific domain has been recently resolved by the server (i.e., it exists in the cache). If a positive response is received with low latency, it indicates that the domain was visited recently.

  Key points:

  Used to infer user browsing habits or visited domains.

  Helps attackers identify user interests or potential targets.

  Incorrect Options:

  A. DNS zone walking is used to list all domain names in a DNS zone (with misconfigured DNS servers), not for cached record inspection.

  C. DNSSEC zone walking applies only when DNSSEC is misconfigured.

  D. DNS cache poisoning is a manipulation technique, not a passive enumeration method.

  CEH v13 Official Courseware:

  Module 04: Enumeration

  Section: "DNS Enumeration"

  Subsection: "DNS Cache Snooping and Timing Analysis"

  Tool Reference: dig, nslookup

• Question 540:

  Tony wants to integrate a 128-bit symmetric block cipher with key sizes of 128, 192, or 256 bits into a software program, which involves 32 rounds of computational operations that include substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes with 4-bit entry and 4-bit exit.

  Which of the following algorithms includes all the above features and can be integrated by Tony into the software program?

  A. TEA
  B. CAST-128
  C. RC5
  D. Serpent
  D. Serpent

  ---

  Explanation

  In CEH v13 Module 14: Cryptography, Serpent is detailed as one of the finalists in the Advanced Encryption Standard (AES) competition, known for its strong security characteristics.

  Key Features of Serpent:

  128-bit block size, and key sizes of 128, 192, or 256 bits.

  Uses 32 rounds of substitution and permutation.

  Operates on four 32-bit words per block.

  Employs 8 different S-boxes, each with a 4-bit input and 4-bit output.

  Designed to provide high security and resistance against differential cryptanalysis.

  Option Clarification:

  A. TEA: Uses a Feistel structure with simple operations, but not 32 rounds with S-boxes.

  B. CAST-128: Has 64-bit block size and fewer rounds.

  C. RC5: Variable block and key sizes but doesn't use 32 rounds with fixed S-box design.

  D. Serpent: Matches all given features.

  Module 14 - Symmetric Algorithms and AES Candidates

  CEH eBook: AES Finalists - Serpent, Rijndael, RC6, Twofish