EC-COUNCIL 312-50V13 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V13 Online Questions & Answers

• Question 711:

  An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware.

  What is the best example of a scareware attack?

  A. A pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"
  B. A banner appears to a user stating, "Your account has been locked. Click here to reset your password and unlock your account."
  C. A banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out your new delivery date."
  D. A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue."
  D. A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue."

  ---

  Explanation

  In CEH v13 Module 09: Social Engineering, scareware is defined as a malicious tactic that uses fear, panic, or urgency to trick users into performing harmful actions such as downloading fake software or clicking malicious links.

  Common Scareware Example:

  A pop-up warns the user: "Your system is infected! Install this antivirus now!"

  Victim downloads malware disguised as a solution.

  Often used to deliver spyware, ransomware, or trojans.

  Option Review:

  A. Free cruise: Classic example of baiting, not scareware.

  B. Account locked: Closer to phishing or credential harvesting.

  C. Delivery delay: Another phishing variation.

  D. Pop-up about infection: True scareware tactic.

  Module 09 - Social Engineering Attacks # Scareware Attacks

  CEH iLabs: Identifying Fake Security Alerts and Scareware Payloads

• Question 712:

  A company hires a hacker to test its network security by simulating real-world attacks. The hacker has permission and operates within legal boundaries. What is this type of hacker called?

  A. Script Kiddie
  B. Black Hat Hacker
  C. Grey Hat Hacker
  D. White Hat Hacker
  D. White Hat Hacker

  ---

  Explanation

  CEH v13 defines a white hat hacker as a security professional who performs authorized assessments to identify vulnerabilities and strengthen an organization's defenses. The defining characteristic of white hat activity is the presence of formal permission--typically through a signed rules-of-engagement, scope of work, and explicit authorization from the organization. CEH emphasizes that white hats adhere to legal boundaries, follow ethical guidelines, and document findings to support remediation. They may use the same tools and methodologies as malicious hackers, but the intent and authorization distinguish them. In contrast, black hats operate without permission and with malicious intent. Grey hats act without authorization but may not have malicious motivations, making them inappropriate in a formal penetration testing engagement. Script kiddies lack professional skill and rely on pre-made tools without understanding the underlying techniques. Therefore, the hacker described is a white hat--an ethical professional performing sanctioned testing.

• Question 713:

  Jude, a pen tester, examined a network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate network.

  What is the type of vulnerability assessment that Jude performed on the organization?

  A. External assessment
  B. Passive assessment
  C. Host-based assessment
  D. Application assessment
  A. External assessment

  ---

  Explanation

  Types of Vulnerability Assessment - External Assessment External assessment examines the network from a hacker's point of view to identify exploits and vulnerabilities accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers. An external assessment estimates the threat of network security attacks from outside the organization. It determines the level of security of the external network and firewall. (P.527/511)

  External assessment examines the network from a hacker's point of view to identify exploits and vulnerabilities accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers. An external assessment estimates the threat of network security attacks from outside the organization. It determines the level of security of the external network and firewall.

  The following are some of the possible steps in performing an external assessment:

  Determine a set of rules for firewall and router configurations for the external network Check whether the external server devices and network devices are mapped o Identify open ports and related services on the external network Examine the patch levels on the server and external network devices o Review detection systems such as IDS, firewalls, and application-layer protection systems Get information on DNS zones Scan the external network through a variety of proprietary tools available on the Internet Examine Web applications such as e-commerce and shopping cart software for vulnerabilities

• Question 714:

  SCADA anomalies suggest a side-channel attack . Which investigation best confirms this?

  A. Review user interfaces
  B. Measure hardware-level operational fluctuations
  C. Identify weak crypto settings
  D. Assess network latency
  B. Measure hardware-level operational fluctuations

  ---

  Explanation

  Side-channel attacks, as explained in CEH v13 OT and SCADA Security , extract sensitive information by observing physical characteristics of a system rather than exploiting software flaws directly. These characteristics may include power consumption, electromagnetic emissions, timing variations, or thermal output.

  In SCADA environments, side-channel attacks are especially dangerous because they bypass traditional network defenses. The most reliable way to confirm such an attack is by analyzing hardware-level anomalies --such as unexpected power usage spikes or irregular signal emissions during normal device operations.

  Option B directly aligns with CEH v13 guidance. Options A, C, and D focus on software, cryptography, or network behavior, which are not primary indicators of side-channel exploitation.

• Question 715:

  What is the main difference between ethical hacking and malicious hacking?

  A. Ethical hacking is illegal, while malicious hacking is legal
  B. Ethical hackers use different tools than malicious hackers
  C. Ethical hacking is performed with permission, while malicious hacking is unauthorized
  D. Ethical hackers always work alone, while malicious hackers work in teams
  C. Ethical hacking is performed with permission, while malicious hacking is unauthorized

  ---

  Explanation

  CEH defines ethical hacking as the authorized, structured, and permission-based process of identifying vulnerabilities to strengthen an organization's security posture. Ethical hackers operate under a signed scope- of-work and follow legal boundaries. Malicious hackers, by contrast, exploit systems without permission, often with harmful or criminal intent. CEH emphasizes that both ethical and malicious hackers may use similar tools, techniques, and methodologies; the distinction lies entirely in authorization, intent, and legality. Ethical hacking is conducted to improve defenses, while malicious hacking targets exploitation, theft, or disruption. Nothing in CEH materials suggests that toolsets or work styles distinguish the two groups; permission and lawful operation remain the central differentiators.

• Question 716:

  From the following table, identify the wrong answer in terms of Range (ft).

  Standard

  Range (ft)

  802.11a

  150?50

  802.11b

  150?50

  802.11g

  150?50

  802.16 (WiMax)

  30 miles

  A. 802.16 (WiMax)
  B. 802.11g
  C. 802.11b
  D. 802.11a
  D. 802.11a

  ---

  Explanation

  In CEH v13 Module 11: Hacking Wireless Networks, wireless standards and their transmission ranges are discussed.

  Actual Range Specs:

  802.11a: Operates at 5 GHz, range up to ~75 ft indoors, much less than 150 ft due to poor wall penetration.

  802.11b/g: Operate at 2.4 GHz, typically 150?00 ft indoors.

  802.16 (WiMax): Wireless MAN technology with range up to 30 miles - correct for point-to-point outdoor line of sight.

  Conclusion:

  802.11a listed as 150?50 ft is incorrect.

  Realistic effective range is up to 75 ft indoors, depending on obstructions and interference.

  This overestimation makes Option D the wrong one.

  Module 11 Wireless Protocols and Specifications

  IEEE Wireless Standards Summary Table (CEH Appendix)

  CEH iLabs: Analyzing Signal Strength of 802.11a/b/g/n Networks

• Question 717:

  what are common files on a web server that can be misconfigured and provide useful Information for a hacker such as verbose error messages?

  A. httpd.conf
  B. administration.config
  C. idq.dll
  D. php.ini
  D. php.ini

  ---

  Explanation

  The php.ini file may be a special file for PHP. it's where you declare changes to your PHP settings. The server is already configured with standard settings for PHP, which your site will use by default. Unless you would like to vary one or more settings, there's no got to create or modify a php.ini file. If you'd wish to make any changes to settings, please do so through the MultiPHP INI Editor.

• Question 718:

  A large chemical plant uses operational technology (OT) networks to control its industrial processes. Recently, abnormal behavior is observed from PLCs, suggesting a stealthy compromise via malicious firmware. Which action should the team take FIRST to verify and neutralize the issue?

  A. Immediately isolate suspicious devices
  B. Perform detailed inspections of device software for unauthorized modifications
  C. Implement enhanced IDS rules
  D. Restrict remote administrative access
  B. Perform detailed inspections of device software for unauthorized modifications

  ---

  Explanation

  In CEH v13 Mobile, IoT, and OT Hacking , firmware-level attacks on Programmable Logic Controllers (PLCs) are categorized as high-impact and stealth-oriented threats , often designed to evade traditional network-based defenses. Malicious firmware compromises the integrity of the device itself, allowing attackers persistent and covert control over industrial processes.

  The first and most critical step is to verify the integrity of the firmware and software running on the PLCs. CEH v13 emphasizes that before containment or mitigation actions are applied, accurate identification and confirmation of compromise must occur. Firmware inspection enables analysts to detect unauthorized code injections, modified logic blocks, altered checksums, or tampered boot loaders-hallmarks of OT malware such as Stuxnet-like attacks.

  Immediate isolation (Option A) may be necessary later, but premature isolation can disrupt industrial operations and destroy volatile forensic evidence. IDS enhancements (Option C) focus on traffic patterns and are ineffective against firmware-resident malware. Restricting remote access (Option D) is preventative but does not validate or remove an existing firmware compromise. CEH v13 stresses that OT environments require forensic verification at the device level , especially when abnormal behavior originates from controllers themselves. Firmware validation using vendor-approved tools and hash verification is the correct first step to confirm compromise and plan remediation without risking operational safety.

• Question 719:

  Malware adapts behavior, changes code dynamically, and exfiltrates data stealthily. What is it?

  A. AI-powered malware
  B. Worm
  C. Rootkit
  D. Polymorphic virus
  A. AI-powered malware

  ---

  Explanation

  CEH v13 identifies AI-powered malware as an emerging advanced threat that adapts its execution based on environmental cues and user behavior. Unlike traditional polymorphic malware, AI-driven malware can dynamically decide when and how to execute actions to avoid detection.

  The described traits-behavioral adaptation, idle-time exfiltration, encrypted communication-are hallmarks of AI-assisted malware.

  Polymorphic viruses change signatures but do not adapt behavior intelligently. Rootkits focus on hiding presence. Worms propagate aggressively.

• Question 720:

  Which of the following statements about a zone transfer is correct? (Choose three.)

  A. A zone transfer is accomplished with the DNS
  B. A zone transfer is accomplished with the nslookup service
  C. A zone transfer passes all zone information that a DNS server maintains
  D. A zone transfer passes all zone information that a nslookup server maintains
  E. A zone transfer can be prevented by blocking all inbound TCP port 53 connections
  F. Zone transfers cannot occur on the Internet
  A. A zone transfer is accomplished with the DNS
  C. A zone transfer passes all zone information that a DNS server maintains
  E. A zone transfer can be prevented by blocking all inbound TCP port 53 connections

  ---

  Explanation

  Zone transfers (AXFR) are DNS operations used to replicate DNS data from a primary to a secondary server. If improperly configured, attackers can request these transfers and retrieve valuable DNS information, including hostnames and IPs.

  Correct Statements:

  A: Zone transfers are DNS protocol operations.

  C: They transfer the entire DNS zone file (records for the domain).

  E: Zone transfers use TCP port 53. Blocking it can prevent unauthorized transfers.

  From CEH v13 Courseware:

  Module 3: Scanning Networks

  Topic: DNS Enumeration # Zone Transfers

  CEH v13 Study Guide states:

  "A zone transfer is a mechanism used by DNS servers to replicate databases. It can be used by attackers to retrieve detailed DNS information if not properly restricted. Zone transfers occur over TCP port 53."

  Incorrect Statements:

  B/D: nslookup is a query tool; it doesn't perform or manage zone transfers.

  F: Zone transfers can happen on the internet if DNS servers are misconfigured.

  CEH v13 Study Guide - Module 3: DNS Enumeration # Zone TransfersRFC 5936 - DNS Zone Transfer Protocol