EC-COUNCIL 312-50V13 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V13 Online Questions & Answers

• Question 741:

  Which tool can be used to silently copy files from USB devices?

  A. USB Grabber
  B. USB Snoopy
  C. USB Sniffer
  D. USB Dumper
  D. USB Dumper

  ---

  Explanation

  According to CEH v13 Module 06: Malware Threats, USB Dumper is a tool often used in insider threat or data exfiltration scenarios, where it automatically and silently copies files from any USB drive connected to a system.

  It operates in the background and requires no user interaction once installed.

  Files are copied from the USB to a pre-configured local directory.

  USB Dumper is used in various penetration testing scenarios to simulate data theft using physical access.

  Option Clarifications:

  A. USB Grabber: Not a recognized standard tool in CEH or industry.

  B. USB Snoopy: Used for monitoring USB communications (not silent copying).

  C. USB Sniffer: Used for sniffing USB device communication traffic, not file theft.

  D. USB Dumper: Correct tool for silently copying USB content.

  Module 06 - Insider Threat and USB-Based Malware Techniques

  CEH iLabs: Using USB Dumper in Local Exploitation

• Question 742:

  A penetration tester identifies that a web application's login form is not using secure password hashing mechanisms, allowing attackers to steal passwords if the database is compromised. What is the best approach to exploit this vulnerability?

  A. Perform a dictionary attack using a list of commonly used passwords against the stolen hash values
  B. Input a SQL query to check for SQL injection vulnerabilities in the login form
  C. Conduct a brute-force attack on the login form to guess weak passwords
  D. Capture the login request using a proxy tool and attempt to decrypt the passwords
  A. Perform a dictionary attack using a list of commonly used passwords against the stolen hash values

  ---

  Explanation

  If a system stores passwords in weak or reversible formats, attackers can perform offline cracking. CEH emphasizes dictionary attacks as the fastest and most efficient method to exploit weak hashing practices. This avoids detection and leverages known password patterns to recover plaintext credentials.

• Question 743:

  What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?

  A. Performing content enumeration using the bruteforce mode and 10 threads
  B. Shipping SSL certificate verification
  C. Performing content enumeration using a wordlist
  D. Performing content enumeration using the bruteforce mode and random file extensions
  C. Performing content enumeration using a wordlist

  ---

  Explanation

  Analyze Web Applications: Identify Files and Directories - enumerate applications, as well as hidden directories and files of the web application hosted on the web server. Tools such as #Gobuster is directory scanner that allows attackers to perform fast-paced enumeration of hidden files and directories of a target web application. # gobuster -u -w common.txt (wordlist) (P.1849/1833)

• Question 744:

  Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bab denies that he had ever sent a mail. What do you want to ""know"" to prove yourself that it was Bob who had send a mail?

  A. Non-Repudiation
  B. Integrity
  C. Authentication
  D. Confidentiality
  A. Non-Repudiation

  ---

  Explanation

  Non-repudiation is the assurance that someone cannot deny the validity of something. Non-repudiation is a legal concept that is widely used in information security and refers to a service, which provides proof of the origin of data and the integrity of the data. In other words, non-repudiation makes it very difficult to successfully deny who/where a message came from as well as the authenticity and integrity of that message.

• Question 745:

  Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

  A. Error-based injection
  B. Boolean-based blind SQL injection
  C. Blind SQL injection
  D. Union SQL injection
  D. Union SQL injection

  ---

  Explanation

  Union-based SQL injection is a technique that uses the UNION SQL operator to combine the results of the original query with the results of one or more additional queries. This allows attackers to:

  Retrieve data from different database tables

  Extend the result set returned to the web application

  Exploit the application if both queries return the same number and type of columns

  According to CEH v13:

  UNION SELECT can be used to enumerate tables, extract user credentials, or display sensitive data.

  It requires knowledge of the structure of the original query.

  Incorrect Options:

  A. Error-based injection extracts data from database error messages.

  B. Boolean-based blind SQLi returns true/false results to infer data.

  C. Blind SQLi (generic) relies on no visible output and uses inference techniques.

  CEH v13 Official Courseware:

  Module 14: Hacking Web Applications

  Section: "Types of SQL Injection Attacks"

  Subsection: "Union-Based SQL Injection"

• Question 746:

  During a security assessment of a cloud-hosted application using SOAP-based web services, a red team operator intercepts a valid SOAP request, duplicates the signed message body, inserts it into the same envelope, and forwards it. Due to improper validation, the server accepts the duplicated body and executes unauthorized code. What type of attack does this represent?

  A. Cloud snooper attack
  B. Cryptanalysis attack
  C. Wrapping attack
  D. IMDS abuse
  C. Wrapping attack

  ---

  Explanation

  Comprehensive Explanation from CEH v13 Courseware:

  CEH v13 identifies XML Signature Wrapping (XSW) attacks , also known simply as Wrapping attacks , as a major threat against SOAP-based web services. These attacks exploit weak XML parsing and insufficient validation of signed message components. SOAP messages often include digitally signed sections, but if the server validates the signature without confirming the correct position or structure of the signed elements, attackers can duplicate, move, or wrap signed content inside a modified XML envelope. This allows an attacker to inject malicious payloads while still presenting a valid signature. CEH details how this can lead to unauthorized execution, privilege escalation, or bypassing authentication controls in SOAP APIs. Cloud snooping, cryptanalysis, and IMDS abuse do not involve message duplication or signature misplacement. The scenario precisely matches CEH's definition of a Wrapping Attack in SOAP/XML security.

• Question 747:

  Which social engineering attack involves impersonating a co-worker or authority figure to extract confidential information?

  A. Phishing
  B. Pretexting
  C. Quid pro quo
  D. Baiting
  B. Pretexting

  ---

  Explanation

  Pretexting is defined in CEH v13 Social Engineering as an attack where the attacker fabricates a believable scenario and impersonates a trusted individual to gain sensitive information.

  This differs from phishing (mass messaging), baiting (malicious incentives), and quid pro quo (exchange of favors).

• Question 748:

  A payload causes a significant delay in response without visible output when testing an Oracle-backed application. What SQL injection technique is being used?

  A. Time-based SQL injection using WAITFOR DELAY
  B. Heavy query-based SQL injection
  C. Union-based SQL injection
  D. Out-of-band SQL injection
  A. Time-based SQL injection using WAITFOR DELAY

  ---

  Explanation

  This scenario precisely matches Time-Based Blind SQL Injection , a technique detailed in CEH v13 Web Application Hacking . When applications suppress error messages and sanitize outputs, attackers rely on response timing to infer whether injected SQL statements are executed.

  In time-based SQL injection, the attacker injects database-specific delay functions (such as WAITFOR DELAY, DBMS_LOCK.SLEEP, or SLEEP()). If the injected condition is true, the database pauses execution, causing a noticeable delay.

  The key indicators described- no visible output but increased response time based SQL injection. CEH v13 explains that this method is particularly useful when:

  -are classic signs of time-

  Errors are hidden

  UNION queries fail

  Output is not reflected

  Union-based and out-of-band SQL injections require data exfiltration channels or visible outputs, which are absent here. "Heavy query-based" is not a formal CEH classification.

  Thus, Option A is the correct answer.

• Question 749:

  What is correct about digital signatures?

  A. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.
  B. Digital signatures may be used in different documents of the same type.
  C. A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
  D. Digital signatures are issued once for each user and can be used everywhere until they expire.
  A. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.

  ---

  Explanation

  A digital signature is created by hashing the document and encrypting that hash with the sender's private key. Since the hash is specific to the original content, any change to the document invalidates the signature, making it non-transferable to another document.

  CEH v13 Official Study Guide:

  Module 20: Cryptography

  Quote:

  "Digital signatures are based on hashing the document and signing the digest with the private key. This makes each signature unique to the document and ensures tamper resistance."

  Incorrect Options:

  B. Incorrect -- signature is tied to one document.

  C. Hashes are not plain; they are encrypted.

  D. Keys can be reused, but signatures are document-specific.

• Question 750:

  Every company needs a formal written document that outlines acceptable usage of systems, prohibited actions, and disciplinary consequences. Employees must sign this policy before using company systems.

  What is this document called?

  A. Information Audit Policy (IAP)
  B. Information Security Policy (ISP)
  C. Penetration Testing Policy (PTP)
  D. Company Compliance Policy (CCP)
  B. Information Security Policy (ISP)

  ---

  Explanation

  Comprehensive and Detailed Explanation:

  An Information Security Policy (ISP) is a high-level document that defines:

  What employees can and cannot do with IT systems.

  What data is protected and how.

  The consequences of policy violations.

  The company's commitment to security.

  It must be signed by users to enforce compliance and protect organizational assets.

  From CEH v13 Courseware:

  Module 20: Information Security Policies

  Module 1: Governance, Risk, and Compliance

  CEH v13 Study Guide - Module 20: Components of an Information Security PolicyNIST SP 800- 53 - Security and Privacy Controls for Federal Information Systems