EC-COUNCIL 312-50V13 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V13 Online Questions & Answers

• Question 631:

  You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user's password or activate disabled Windows accounts?

  A. John the Ripper
  B. SET
  C. CHNTPW
  D. Cain and Abel
  C. CHNTPW

  ---

  Explanation

  CHNTPW (Change NT Password) is a Linux-based utility that allows attackers or administrators to:

  Reset Windows user account passwords

  Unlock disabled or locked user accounts

  Remove password protection without knowing the original password

  It works by editing the Windows SAM (Security Account Manager) file located in the Windows system directory.

  CEH v13 Official Study Guide:

  Module 5: System Hacking

  Quote:

  "CHNTPW is a tool that can reset or change passwords on Windows systems by directly editing the SAM database. It is commonly run from a Linux LiveCD."

  Incorrect Options:

  A. John the Ripper is for cracking passwords, not resetting them directly.

  B. SET (Social Engineering Toolkit) is for phishing and payloads, not password resets.

  D. Cain and Abel is a password recovery tool for Windows but runs on Windows, not Linux.

• Question 632:

  Richard, an attacker, aimed to hack loT devices connected to a target network. In this process. Richard recorded the frequency required to share information between connected devices. After obtaining the frequency, he captured the original data when commands were initiated by the connected devices. Once the original data were collected, he used free tools such as URH to segregate the command sequence. Subsequently, he started injecting the segregated command sequence on the same frequency into the loT network, which repeats the captured signals of the devices. What Is the type of attack performed by Richard In the above scenario?

  A. Side-channel attack
  B. Replay attack
  C. CrypTanalysis attack
  D. Reconnaissance attack
  B. Replay attack

  ---

  Explanation

  Replay Attack could be a variety of security attack to the info sent over a network.

  In this attack, the hacker or a person with unauthorized access, captures the traffic and sends communication to its original destination, acting because the original sender. The receiver feels that it's Associate in Nursing genuine message however it's really the message sent by the aggressor. the most feature of the Replay Attack is that the consumer would receive the message double, thence the name, Replay Attack.

  Prevention from Replay Attack :

  1. Timestamp technique -

  Prevention from such attackers is feasible, if timestamp is employed at the side of the info. Supposedly, the timestamp on an information is over a precise limit, it may be discarded, and sender may be asked to send the info once more.

  2. Session key technique -

  Another way of hindrance, is by victimisation session key. This key may be used one time (by sender and receiver) per dealing, and can't be reused.

• Question 633:

  Which of the following is not a Bluetooth attack?

  A. Bluedriving
  B. Bluesmacking
  C. Bluejacking
  D. Bluesnarfing
  A. Bluedriving

  ---

  Explanation

  https://github.com/verovaleros/bluedriving

  Bluedriving is a bluetooth wardriving utility. It can capture bluetooth devices, lookup their services, get GPS information and present everything in a nice web page. It can search for and show a lot of information about the device, the GPS address and the historic location of devices on a map. The main motivation of this tool is to research about the targeted surveillance of people by means of its cellular phone or car. With this tool you can capture information about bluetooth devices and show, on a map, the points where you have seen the same device in the past.

• Question 634:

  Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

  

  What is Eve trying to do?

  A. Eve is trying to connect as a user with Administrator privileges
  B. Eve is trying to enumerate all users with Administrative privileges
  C. Eve is trying to carry out a password crack for user Administrator
  D. Eve is trying to escalate privilege of the null user to that of Administrator
  C. Eve is trying to carry out a password crack for user Administrator

  ---

  Explanation

  The command shown is a Windows batch loop that attempts to mount a hidden administrative share (c$) on a remote machine (\10.1.2.3) using the username "Administrator" and a list of passwords from the file hackfile.txt.

  for /f "tokens1 %%a in (hackfile.txt) # Reads one password per line from the file do net use * \10.1.2.3\c$ /user:"Administrator" %%a # Tries to authenticate to the share using the Administrator account and each password

  This is a classic brute-force password attack attempting to crack the Administrator account using a wordlist.

  From CEH v13 Official Courseware:

  Module 4: Enumeration

  Module 6: Malware and Password Cracking Techniques

  CEH v13 Study Guide states:

  "Tools and scripts that automate login attempts using SMB shares and administrative credentials can be used to brute force user accounts. An attacker attempts access using a list of passwords (dictionary attack)."

  Incorrect Options:

  A: The connection attempt is made, but the success is dependent on password cracking.

  B: This command does not enumerate users.

  D: No null session involved; this is a brute-force attempt, not privilege escalation.

  CEH v13 Study Guide - Module 4: Enumeration # Brute-force TechniquesMicrosoft TechNet: net use command documentation

• Question 635:

  As a security analyst for Sky Secure Inc., you are working with a client that uses a multi-cloud strategy, utilizing services from several cloud providers. The client wants to implement a system that will provide unified security management across all their cloud platforms. They need a solution that allows them to consistently enforce security policies, identify and respond to threats, and maintain visibility of all their cloud resources. Which of the following should you recommend as the best solution?

  A. Use a hardware-based firewall to secure all cloud resources.
  B. implement separate security management tools for each cloud platform.
  C. Use a Cloud Access Security Broker (CASB).
  D. Rely on the built-in security features of each cloud platform.
  C. Use a Cloud Access Security Broker (CASB).

  ---

  Explanation

  A Cloud Access Security Broker (CASB) is a security policy enforcement point, either on-premises or in the cloud, that administers an organization's enterprise security policies when users attempt to access its cloud- based resources. A CASB can provide unified security management across multiple cloud platforms, as it can monitor cloud activity, enforce security policies, identify and respond to threats, and maintain visibility of all cloud resources. A CASB can also integrate with other security tools, such as data loss prevention (DLP), encryption, malware detection, and identity and access management (IAM), to enhance the security posture of the organization.

  The other options are not as effective or feasible as using a CASB. Using a hardware-based firewall to secure all cloud resources may not be compatible with the dynamic and scalable nature of the cloud, as it may introduce latency, complexity, and cost. Implementing separate security management tools for each cloud platform may create inconsistency, inefficiency, and confusion, as each tool may have different features, interfaces, and configurations. Relying on the built-in security features of each cloud platform may not be sufficient or comprehensive, as each platform may have different levels of security, compliance, and functionality.

  References:

  What Is a Cloud Access Security Broker (CASB)? | Microsoft

  What Is a CASB? - Cloud Access Security Broker - Cisco

  What is a Cloud Access Security Broker (CASB)?

• Question 636:

  What is the main security service a cryptographic hash provides?

  A. Integrity and ease of computation
  B. Message authentication and collision resistance
  C. Integrity and collision resistance
  D. Integrity and computational infeasibility
  C. Integrity and collision resistance

  ---

  Explanation

  Comprehensive and Detailed Explanation:

  Cryptographic hash functions provide:

  Integrity: Any change in the input changes the output hash.

  Collision Resistance: It is computationally infeasible to find two inputs that produce the same hash.

  This ensures data is not altered during transmission.

  From CEH v13 Courseware:

  Module 10: Cryptography # Hashing Functions (e.g., SHA-256, MD5)

  NIST SP 800-107 - "Cryptographic hash functions provide integrity by detecting changes in data via collision-resistant functions."

• Question 637:

  What is the role of test automation in security testing?

  A. It is an option but it tends to be very expensive.
  B. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
  C. Test automation is not usable in security due to the complexity of the tests.
  D. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
  D. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

  ---

  Explanation

  In the context of security testing, test automation plays a critical role in improving the speed and consistency of testing activities. However, it cannot entirely replace manual testing because certain security vulnerabilities-especially logic flaws or issues with session management-often require human intuition and contextual understanding.

  According to CEH v13 Official Courseware - Module 05 (Vulnerability Analysis), and confirmed in the CEH v13 Study Guide, automated testing is best suited for:

  Repetitive benchmark tests

  Regression testing

  Scanning for known vulnerabilities

  Ensuring consistency across environments

  However, manual testing is still essential for:

  Business logic testing

  Security misconfiguration identification

  Discovering zero-day flaws

  CEH v13 eCourseware - Module 05: Vulnerability Analysis #";Role of Automation in Vulnerability Assessments and Testing"

  CEH v13 Study Guide - Chapter: "Security Testing Techniques"

• Question 638:

  What does the -oX flag do in an Nmap scan?

  A. Perform an eXpress scan
  B. Output the results in truncated format to the screen
  C. Output the results in XML format to a file
  D. Perform an Xmas scan
  C. Output the results in XML format to a file

  ---

  Explanation

  https://nmap.org/book/man-output.html

  -oX - Requests that XML output be directed to the given filename.

• Question 639:

  What would be the purpose of running "wget 192.168.0.15 -q -S" against a web server?

  A. Performing content enumeration on the web server to discover hidden folders
  B. Using wget to perform banner grabbing on the web server
  C. Flooding the web server with requests to perform a DoS attack
  D. Downloading all the contents of the web page locally for further examination
  B. Using wget to perform banner grabbing on the web server

  ---

  Explanation

  The command in question:

  wget 192.168.0.15 -q -S

  wget is a command-line utility used to retrieve files via HTTP, HTTPS, or FTP.

  -q (quiet mode): Suppresses output, except for errors.

  -S: Displays the server response headers (even in quiet mode).

  In this case, wget is being used to connect to the specified web server (192.168.0.15) and retrieve the HTTP response headers - such as the Server field (e.g., Apache, Nginx), HTTP status codes, and other metadata.

  This is a classic example of banner grabbing - the process of capturing metadata (often from headers) to identify the software, version, or configuration of a service.

  Incorrect Options:

  A. Content enumeration would require directory brute-forcing tools like DirBuster or Gobuster.

  C. DoS attacks require high volumes of traffic or specially crafted packets; wget with a single request does not perform flooding.

  D. Downloading full site contents would involve options like -r (recursive) or --mirror, which are not used in this command.

  CEH v13 Official Courseware:

  Module 03: Scanning Networks

  Section: "Banner Grabbing"

  Tool Reference: wget, netcat, telnet, curl for banner enumeration

• Question 640:

  To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.

  What term is commonly used when referring to this type of testing?

  A. Randomizing
  B. Bounding
  C. Mutating
  D. Fuzzing
  D. Fuzzing

  ---

  Explanation

  This form of testing is known as Fuzzing. Fuzzing (or fuzz testing) is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.

  In the CEH v13 courseware and study guide:

  Module 6: Malware Threats Subsection: Malware Analysis and Reverse Engineering Techniques

  CEH v13 Official Study Guide and iLabs Practical

  The CEH v13 guide states:

  "Fuzzing is used as a software testing technique that involves sending malformed or unexpected inputs to an application in order to detect vulnerabilities such as buffer overflows, crashes, or unexpected behavior. It is particularly useful during vulnerability assessments and exploit development."

  Thus, Fuzzing helps identify vulnerabilities due to improper input validation and is widely used in vulnerability discovery and exploit testing.

  Incorrect Options:

  A. Randomizing: Not a recognized security testing method.

  B. Bounding: Refers to setting limits or constraints; not relevant here.

  C. Mutating: Can be part of fuzzing (mutation-based fuzzing), but not the umbrella term.

  CEH v13 Study Guide - Module 6, Malware Threats, Page on "Fuzz Testing"CEH v13 iLabs - Malware Threats Lab # Section on Vulnerability Discovery Using Fuzzers