EC-COUNCIL 312-50V13 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V13 Online Questions & Answers

• Question 641:

  What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

  A. Man-in-the-middle attack
  B. Meet-in-the-middle attack
  C. Replay attack
  D. Traffic analysis attack
  B. Meet-in-the-middle attack

  ---

  Explanation

  https://en.wikipedia.org/wiki/Meet-in-the-middle_attack

  The meet-in-the-middle attack (MITM), a known plaintext attack, is a generic spaceime tradeoff cryptographic attack against encryption schemes that rely on performing multiple encryption operations in sequence. The MITM attack is the primary reason why Double DES is not used and why a Triple DES key (168-bit) can be bruteforced by an attacker with 256 space and 2112 operations.

  The intruder has to know some parts of plaintext and their ciphertexts. Using meet-in-the-middle attacks it is possible to break ciphers, which have two or more secret keys for multiple encryption using the same algorithm. For example, the 3DES cipher works in this way. Meet-in-the-middle attack was first presented by Diffie and Hellman for cryptanalysis of DES algorithm.

• Question 642:

  As a cybersecurity analyst conducting passive reconnaissance , you aim to gather information without interacting directly with the target system. Which technique is least likely to assist in this process?

  A. Using a tool like Nmap to scan the organization's public IP range
  B. Inspecting the WHOIS database for domain registration details
  C. Using search engines and public data sources
  D. Monitoring publicly available social media and professional profiles
  A. Using a tool like Nmap to scan the organization's public IP range

  ---

  Explanation

  CEH defines passive reconnaissance as collecting information without directly engaging the target.

  Option A is incorrect for passive reconnaissance because Nmap scanning actively probes systems , generating detectable traffic.

  Options B C and D rely on publicly available information and are standard passive techniques.

  CEH classifies Nmap scanning as active footprinting .

• Question 643:

  Why is a penetration test considered to be more thorough than a vulnerability scan?

  A. Vulnerability scans only do host discovery and port scanning by default.
  B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
  C. It is not - a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.
  D. The tools used by penetration testers tend to have much more comprehensive vulnerability databases.
  B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.

  ---

  Explanation

  A vulnerability scan identifies known vulnerabilities by comparing system configurations and software versions against a database. It is mostly passive and does not confirm if vulnerabilities are exploitable.

  Penetration testing, however, involves simulating real-world attacks. It attempts to actively exploit vulnerabilities, escalate privileges, and access sensitive data, offering a more realistic view of risk.

  CEH v13 Official Study Guide:

  Module 1: Introduction to Ethical Hacking

  Quote:

  "A penetration test goes beyond vulnerability identification by actively exploiting weaknesses to assess the actual risk and potential impact to the organization."

  Incorrect Options:

  A. Scans do more than port scanning.

  C. Penetration testing is often manual and detailed.

  D. The difference is methodology, not just database size.

• Question 644:

  Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?

  A. website defacement
  B. Server-side request forgery (SSRF) attack
  C. Web server misconfiguration
  D. web cache poisoning attack
  B. Server-side request forgery (SSRF) attack

  ---

  Explanation

  Server-side request forgery (also called SSRF) is a net security vulnerability that allows an assaulter to induce the server-side application to make http requests to associate arbitrary domain of the attacker's choosing.

  In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services among the organization's infrastructure, or to external third-party systems.

  Another type of trust relationship that often arises with server-side request forgery is where the application server is able to interact with different back-end systems that aren't directly reachable by users. These systems typically have non-routable private informatics addresses. Since the back-end systems normally ordinarily protected by the topology, they typically have a weaker security posture. In several cases, internal back-end systems contain sensitive functionality that may be accessed while not authentication by anyone who is able to act with the systems.

  In the preceding example, suppose there's an body interface at the back-end url https://192.168.0.68/admin. Here, an attacker will exploit the SSRF vulnerability to access the executive interface by submitting the following request:

  POST /product/stock HTTP/1.0

  Content-Type: application/x-www-form-urlencoded

  Content-Length: 118

  stockApihttp://192.168.0.68/admin

• Question 645:

  Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%. Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?

  A. Accept the risk
  B. Introduce more controls to bring risk to 0%
  C. Mitigate the risk
  D. Avoid the risk
  A. Accept the risk

  ---

  Explanation

  Risk mitigation can be defined as taking steps to reduce adverse effects. There are four types of risk mitigation strategies that hold unique to Business Continuity and Disaster Recovery. When mitigating risk, it' s important to develop a strategy that closely relates to and matches your company's profile.

  Risk acceptance does not reduce any effects; however, it is still considered a strategy. This strategy is a common option when the cost of other risk management options such as avoidance or limitation may outweigh the cost of the risk itself. A company that doesn't want to spend a lot of money on avoiding risks that do not have a high possibility of occurring will use the risk acceptance strategy.

  Risk avoidance is the opposite of risk acceptance. It is the action that avoids any exposure to the risk whatsoever. It's important to note that risk avoidance is usually the most expensive of all risk mitigation options.

  Risk limitation is the most common risk management strategy used by businesses. This strategy limits a company's exposure by taking some action. It is a strategy employing a bit of risk acceptance and a bit of risk avoidance or an average of both. An example of risk limitation would be a company accepting that a disk drive may fail and avoiding a long period of failure by having backups.

  Risk transference is the involvement of handing risk off to a willing third party. For example, numerous companies outsource certain operations such as customer service, payroll services, etc. This can be beneficial for a company if a transferred risk is not a core competency of that company. It can also be used so a company can focus more on its core competencies.

• Question 646:

  Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?

  A. User-mode rootkit
  B. Library-level rootkit
  C. Kernel-level rootkit
  D. Hypervisor-level rootkit
  C. Kernel-level rootkit

  ---

  Explanation

  A Kernel-level rootkit operates at the core of the operating system (OS kernel), enabling the attacker to:

  Modify or replace kernel code

  Load malicious kernel modules

  Hide files, processes, and backdoors at a level that is difficult for standard security tools to detect

  According to CEH v13:

  Kernel-mode rootkits are highly stealthy and dangerous because they run with the highest privileges.

  These rootkits modify system calls and memory structures in the kernel space to conceal malicious activity.

  Incorrect Options:

  A. User-mode rootkits operate at the application layer and are less stealthy than kernel-level rootkits.

  B. Library-level rootkits manipulate standard libraries (like libc) to intercept calls.

  D. Hypervisor-level rootkits run beneath the OS (e.g., via virtualization) and are extremely rare and complex.

  Reference CEH v13 Official Courseware:

  Module 06: Malware Threats

  Section: "Types of Rootkits"

  Subsection: "Kernel-Mode Rootkits vs. User-Mode Rootkits"

• Question 647:

  There are multiple cloud deployment options depending on how isolated a customer's resources are from those of other customers.

  Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution Is for a customer to Join with a group of users or organizations to share a cloud environment.

  What is this cloud deployment option called?

  A. Hybrid
  B. Community
  C. Public
  D. Private
  B. Community

  ---

  Explanation

  The purpose of this idea is to permit multiple customers to figure on joint projects and applications that belong to the community, where it's necessary to possess a centralized clouds infrastructure. In other words, Community Cloud may be a distributed infrastructure that solves the precise problems with business sectors by integrating the services provided by differing types of clouds solutions.

  The communities involved in these projects, like tenders, business organizations, and research companies, specialise in similar issues in their cloud interactions. Their shared interests may include concepts and policies associated with security and compliance considerations, and therefore the goals of the project also .

  Community Cloud computing facilitates its users to spot and analyze their business demands better. Community Clouds could also be hosted during a data center, owned by one among the tenants, or by a third- party cloud services provider and may be either on-site or off-site.

  Community Cloud Examples and Use Cases

  Cloud providers have developed Community Cloud offerings, and a few organizations are already seeing the advantages . the subsequent list shows a number of the most scenarios of the Community Cloud model that's beneficial to the participating organizations.

  Multiple governmental departments that perform transactions with each other can have their processing systems on shared infrastructure. This setup makes it cost-effective to the tenants, and may also reduce their data traffic.

  Benefits of Community Clouds

  Community Cloud provides benefits to organizations within the community, individually also as collectively. Organizations don't need to worry about the safety concerns linked with Public Cloud due to the closed user group.

  This recent cloud computing model has great potential for businesses seeking cost-effective cloud services to collaborate on joint projects, because it comes with multiple advantages.

  Openness and Impartiality Community Clouds are open systems, and that they remove the dependency organizations wear cloud service providers. Organizations are able to do many benefits while avoiding the disadvantages of both public and personal clouds.

  Flexibility and Scalability

  Ensures compatibility among each of its users, allowing them to switch properties consistent with their individual use cases. They also enable companies to interact with their remote employees and support the utilization of various devices, be it a smartphone or a tablet. This makes this sort of cloud solution more flexible to users' demands.

  Consists of a community of users and, as such, is scalable in several aspects like hardware resources, services, and manpower. It takes under consideration demand growth, and you simply need to increase the user-base.

  High Availability and Reliability

  Your cloud service must be ready to make sure the availability of knowledge and applications in the least times. Community Clouds secure your data within the same way as the other cloud service, by replicating data and applications in multiple secure locations to guard them from unforeseen circumstances.

  Cloud possesses redundant infrastructure to form sure data is out there whenever and wherever you would like it. High availability and reliability are critical concerns for any sort of cloud solution.

  Security and Compliance

  Two significant concerns discussed when organizations believe cloud computing are data security and compliance with relevant regulatory authorities. Compromising each other's data security isn't profitable to anyone during a Community Cloud.

  Users can configure various levels of security for his or her data. Common use cases:

  the power to dam users from editing and downloading specific datasets.

  Making sensitive data subject to strict regulations on who has access to Sharing sensitive data unique to a specific organization would bring harm to all or any the members involved.

  What devices can store sensitive data.

  Convenience and Control

  Conflicts associated with convenience and control don't arise during a Community Cloud. Democracy may be a crucial factor the Community Cloud offers as all tenants share and own the infrastructure and make decisions collaboratively. This setup allows organizations to possess their data closer to them while avoiding the complexities of a personal Cloud.

  Less Work for the IT Department

  Having data, applications, and systems within the cloud means you are doing not need to manage them entirely. This convenience eliminates the necessity for tenants to use extra human resources to manage the system. Even during a self-managed solution, the work is split among the participating organizations.

  Environment Sustainability

  In the Community Cloud, organizations use one platform for all their needs, which dissuades them from investing in separate cloud facilities. This shift introduces a symbiotic relationship between broadening and shrinking the utilization of cloud among clients. With the reduction of organizations using different clouds, resources are used more efficiently, thus resulting in a smaller carbon footprint.

• Question 648:

  In the context of Windows Security, what is a 'null' user?

  A. A user that has no skills
  B. An account that has been suspended by the admin
  C. A pseudo account that has no username and password
  D. A pseudo account that was created for security administration purpose
  C. A pseudo account that has no username and password

  ---

  Explanation

  A null user is a special connection made to a Windows system without providing a username or password. In older versions of Windows (NT, 2000, XP), null sessions could be used to anonymously connect to IPC$ share and enumerate:

  Users

  Groups

  Shares

  Policies

  From CEH v13 Courseware:

  Module 4: Enumeration # Null Sessions

  CEH v13 Study Guide states:

  "Null users are unauthenticated sessions used to access certain system resources without credentials. These are commonly used in enumeration attacks."

  CEH v13 Study Guide - Module 4: Null Sessions and SMB EnumerationMicrosoft KB Article Q143474 - Restricting Anonymous Access

• Question 649:

  A corporation migrates to a public cloud service , and the security team identifies a critical vulnerability in the cloud provider's API . What is the most likely threat arising from this flaw?

  A. Distributed Denial-of-Service (DDoS) attacks on cloud servers
  B. Unauthorized access to cloud resources
  C. Physical security compromise of data centers
  D. Compromise of encrypted data at rest
  B. Unauthorized access to cloud resources

  ---

  Explanation

  The CEH Cloud Computing module identifies cloud APIs as one of the most critical attack surfaces in public cloud environments. APIs control provisioning, configuration, authentication, and management of cloud resources.

  A vulnerability in a cloud API can allow attackers to:

  Bypass authentication

  Escalate privileges

  Access or modify cloud resources

  Create or delete services

  Option B is therefore correct.

  Option A relates to availability, not API flaws.

  Option C is managed by the provider and unrelated to APIs.

  Option D would require key compromise, not just API weakness.

  CEH strongly emphasizes API security as a top cloud risk.

• Question 650:

  An IT security team is conducting an internal review of security protocols in their organization to identify potential vulnerabilities. During their investigation, they encounter a suspicious program running on several computers. Further examination reveals that the program has been logging all user keystrokes. How can the security team confirm the type of program and what countermeasures should be taken to ensure the same attack does not occur in the future?

  A. The program is a Trojan; the tearm should regularly update antivirus software and install a reliable firewall
  B. The program is spyware; the team should use password managers and encrypt sensitive data
  C. The program is a keylogger; the team should employ intrusion detection systems and regularly update the system software
  D. The program is a keylogger; the team should educate employees about phishing attacks and maintain regular backups
  C. The program is a keylogger; the team should employ intrusion detection systems and regularly update the system software

  ---

  Explanation

  A keylogger is a type of spyware that can record and steal consecutive keystrokes (and much more) that the user enters on a device. Keyloggers are a common tool for cybercriminals, who use them to capture passwords, credit card numbers, personal information, and other sensitive data. Keyloggers can be installed on a device through various methods, such as phishing emails, malicious downloads, or physical access. To confirm the type of program, the security team can use a web search tool, such as Bing, to look for keylogger programs and compare their features and behaviors with the suspicious program they encountered. Alternatively, they can use a malware analysis tool, such as Malwarebytes, to scan and identify the program and its characteristics.

  To prevent the same attack from occurring in the future, the security team should employ intrusion detection systems (IDS) and regularly update the system software. An IDS is a system that monitors network traffic and system activities for signs of malicious or unauthorized behavior, such as keylogger installation or communication. An IDS can alert the security team of any potential threats and help them respond accordingly. Regularly updating the system software can help patch any vulnerabilities or bugs that keyloggers may exploit to infect the device. Additionally, the security team should also remove the keylogger program from the affected computers and change any compromised passwords or credentials. References:

  Keylogger | What is a Keylogger? How to protect yourself

  How to Detect and Remove a Keylogger From Your Computer

  Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

  What is a Keylogger? | Keystroke Logging Definition | Avast

  Keylogger Software: 11 Best Free to Use in 2023