EC-COUNCIL 312-50V13 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V13 Online Questions & Answers

• Question 661:

  Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

  A. Kismet
  B. Abel
  C. Netstumbler
  D. Nessus
  A. Kismet

  ---

  Explanation

  https://en.wikipedia.org/wiki/Kismet_(software)

  Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11a, 802.11b, 802.11 g, and 802.11n traffic.

• Question 662:

  A penetration tester is tasked with identifying vulnerabilities on a web server running outdated software. The server hosts several web applications and is protected by a basic firewall. Which technique should the tester use to exploit potential server vulnerabilities?

  A. Conduct a SQL injection attack on the web application's login form
  B. Perform a brute-force login attack on the admin panel
  C. Execute a buffer overflow attack targeting the web server software
  D. Use directory traversal to access sensitive configuration files
  C. Execute a buffer overflow attack targeting the web server software

  ---

  Explanation

  Outdated server software often contains memory corruption flaws. CEH notes that buffer overflow exploits are a primary method for compromising vulnerable server binaries, allowing remote code execution. This approach targets the underlying service rather than application-layer input validation issues.

• Question 663:

  As a network administrator, you explain to your team that a recent DDoS attack targeted the application layer of your company's web server. Which type of DDoS attack was most likely used?

  A. HTTP flood attack
  B. UDP flood attack
  C. ICMP flood attack
  D. SYN flood attack
  A. HTTP flood attack

  ---

  Explanation

  According to the CEH Denial-of-Service (DoS/DDoS) module, application-layer DDoS attacks specifically target services such as HTTP, HTTPS, DNS, or APIs by sending requests that appear legitimate but overwhelm server resources.

  An HTTP flood attack sends a massive number of HTTP GET or POST requests, consuming CPU, memory, and application threads. CEH highlights that these attacks are particularly dangerous because they:

  Mimic normal user behavior

  Are difficult to distinguish from legitimate traffic

  Bypass traditional network-layer defenses

  Option A is correct.

  Options B C, and D operate primarily at the network or transport layers , not the application layer.

  CEH stresses that HTTP floods are among the most challenging DDoS attacks to mitigate due to their stealthy nature.

• Question 664:

  A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?

  A. The WAP does not recognize the client's MAC address
  B. The client cannot see the SSID of the wireless network
  C. Client is configured for the wrong channel
  D. The wireless client is not configured to use DHCP
  A. The WAP does not recognize the client's MAC address

  ---

  Explanation

  https://en.wikipedia.org/wiki/MAC_filtering

  MAC filtering is a security method based on access control. Each address is assigned a 48-bit address, which is used to determine whether we can access a network or not. It helps in listing a set of allowed devices that you need on your Wi-Fi and the list of denied devices that you don't want on your Wi-Fi. It helps in preventing unwanted access to the network. In a way, we can blacklist or white list certain computers based on their MAC address. We can configure the filter to allow connection only to those devices included in the white list. White lists provide greater security than blacklists because the router grants access only to selected devices.

  It is used on enterprise wireless networks having multiple access points to prevent clients from communicating with each other. The access point can be configured only to allow clients to talk to the default gateway, but not other wireless clients. It increases the efficiency of access to a network.

  The router allows configuring a list of allowed MAC addresses in its web interface, allowing you to choose which devices can connect to your network. The router has several functions designed to improve the network's security, but not all are useful. Media access control may seem advantageous, but there are certain flaws.

  On a wireless network, the device with the proper credentials such as SSID and password can authenticate with the router and join the network, which gets an IP address and access to the internet and any shared resources.

  MAC address filtering adds an extra layer of security that checks the device's MAC address against a list of agreed addresses. If the client's address matches one on the router's list, access is granted; otherwise, it doesn' t join the network.

• Question 665:

  An attacker impersonates a technician and gains physical access to restricted areas. What tactic is this?

  A. Help desk impersonation
  B. Dumpster diving
  C. Remote tech support scam
  D. Physical impersonation (Tailgating/Impersonation)
  D. Physical impersonation (Tailgating/Impersonation)

  ---

  Explanation

  This scenario illustrates physical impersonation , a social engineering tactic discussed in CEH v13 Social Engineering . The attacker exploits trust in appearance and role assumption , dressing as a network technician to gain access without challenge.

  Unlike tailgating (which involves following someone), this attack relies on assumed authority and familiarity. CEH v13 categorizes this under impersonation attacks , where attackers pose as employees, contractors, or vendors.

  Other options describe different social engineering vectors:

  A: Phone-based pretexting

  B: Dumpster diving

  C: Vishing

  Physical impersonation is particularly dangerous because it bypasses technical controls entirely. Option D best matches the scenario.

• Question 666:

  Which advanced session hijacking technique is hardest to detect and mitigate in a remote-access environment?

  A. Session sidejacking over public Wi-Fi
  B. ARP spoofing on local networks
  C. Brute-force session guessing
  D. Cookie poisoning
  B. ARP spoofing on local networks

  ---

  Explanation

  ARP spoofing-based session hijacking is identified in CEH v13 Web Application and Network Attacks as one of the most stealthy and difficult-to-detect session compromise techniques, especially within internal or VPN-connected networks.

  In ARP spoofing, attackers poison ARP caches to position themselves as a man-in-the-middle (MitM) . Once in place, they can silently intercept, modify, or replay session data--even when encryption is used--by redirecting traffic transparently between endpoints.

  Option A (sidejacking) is mitigated by HTTPS. Option C (session guessing) is noisy and detectable. Option D (cookie poisoning) relies on weak validation and is easier to detect via integrity checks.

  CEH v13 highlights ARP spoofing as particularly dangerous because:

  It exploits trusted local network behavior

  It does not require breaking encryption directly

  It is often invisible to users and applications

  Therefore, Option B is the most challenging to detect and mitigate and is the correct answer.

• Question 667:

  Kevin, an encryption specialist, implemented a technique that enhances the security of keys used for encryption and authentication. Using this technique, Kevin input an initial key to an algorithm that generated an enhanced key that is resistant to brute-force attacks. What is the technique employed by Kevin to improve the security of encryption keys?

  A. Key derivation function
  B. Key reinstallation
  C. A Public key infrastructure
  D. Key stretching
  D. Key stretching

  ---

  Explanation

  The scenario describes a method used to make a cryptographic key more secure by making it harder to brute- force. This process is called Key Stretching.

  Key Stretching:

  Takes a weak or short key and processes it through a function (often repeatedly) to produce a stronger, longer key.

  Commonly used in password hashing (e.g., bcrypt, PBKDF2, scrypt).

  Increases the computational time required to test each guess in a brute-force attack, effectively reducing attack feasibility.

  Incorrect Options:

  A. Key derivation function (KDF) is related but more general; key stretching is a specific technique often implemented within KDFs.

  B. Key reinstallation is associated with WPA2 KRACK attacks.

  C. Public key infrastructure (PKI) is a system of digital certificates, not a key strengthening technique.

  CEH v13 Official Courseware:

  Module 20: Cryptography

  Section: "Password Hashing and Key Stretching Techniques"

  Subsection: "bcrypt, PBKDF2, and Key Strengthening"

  CEH iLab: Password Hashing and Cracking Simulations

• Question 668:

  Bob received this text message on his mobile phone: "Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]". Which statement below is true?

  A. This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.
  B. This is a scam because Bob does not know Scott.
  C. Bob should write to [email protected] to verify the identity of Scott.
  D. This is probably a legitimate message as it comes from a respectable organization.
  A. This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

  ---

  Explanation

  Scammers often impersonate legitimate organizations using free email services like @yahoo.com. "Yahoo Bank" is not a legitimate institution, and a real financial entity would use an official domain (e.g., @yahoobank.com). This is a textbook phishing/smishing attempt.

  CEH v13 Official Study Guide:

  Module 9: Social Engineering

  Quote:

  "Attackers often use free email services and impersonate authority figures to trick users. Always verify the sender's domain and context."

  Incorrect Options:

  B. Irrelevant-legitimate people may be unknown too.

  C. Responding increases risk.

  D. It is not from a verified organization.

• Question 669:

  A penetration tester is tasked with scanning a network protected by an IDS and firewall that actively blocks connection attempts on non-standard ports. The tester needs to gather information on the target system without triggering alarms. Which technique should the tester use to evade detection?

  A. Use a low-and-slow scan to reduce detection by the IDS
  B. Conduct a full TCP Connect scan to confirm open ports
  C. Perform a SYN flood attack to overwhelm the firewall
  D. Execute a TCP ACK scan to map firewall rules and bypass the IDS
  A. Use a low-and-slow scan to reduce detection by the IDS

  ---

  Explanation

  A low-and-slow scanning technique spreads probe attempts over long intervals, reducing the chance of triggering IDS signatures that rely on detecting rapid or high-volume scans. CEH highlights timing-based evasion as an effective method for reconnaissance against networks with strict perimeter controls.

• Question 670:

  Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session-oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network.

  What is Bob supposed to do next?

  A. Take over the session
  B. Reverse sequence prediction
  C. Guess the sequence numbers
  D. Take one of the parties offline
  D. Take one of the parties offline

  ---

  Explanation

  In active session hijacking, after identifying a valid session, the attacker must desynchronize the legitimate communication between the client and the server. To do this, Bob should:

  Knock one of the parties offline (typically the client).

  Then spoof the session by injecting crafted packets using the guessed sequence number.

  From CEH v13 Courseware:

  Module 11: Session Hijacking

  CEH v13 Study Guide states:

  "After identifying a session and predicting its sequence number, the attacker forces the original user offline, allowing them to assume control over the connection using spoofed packets."

  Incorrect Options:

  A: Taking over the session is the ultimate goal, but the necessary step before that is disconnecting the original participant.

  B: Sequence prediction is already done.

  C: Sequence number has already been guessed.

  CEH v13 Study Guide - Module 11: TCP Session Hijacking ProcessRFC 793 - TCP State Management and Sequence Numbers