Updated Nov-2025 Exam 312-50v13 Dumps - Pass Your Certification Exam
Latest Real ECCouncil 312-50v13 Exam Dumps Questions
NEW QUESTION # 42
How does a denial-of-service attack work?
- A. A hacker uses every character, word, or letter he or she can think of to defeat authentication
- B. A hacker prevents a legitimate user (or group of users) from accessing a service
- C. A hacker attempts to imitate a legitimate user by confusing a computer or even another person
- D. A hacker tries to decipher a password by using a system, which subsequently crashes the network
Answer: B
NEW QUESTION # 43
When considering how an attacker may exploit a web server, what is web server footprinting?
- A. When an attacker implements a vulnerability scanner to identify weaknesses
- B. When an attacker uses a brute-force attack to crack a web-server password
- C. When an attacker creates a complete profile of the site's external links and file structures
- D. When an attacker gathers system-level data, including account details and server names
Answer: C
Explanation:
Web server footprinting is part of the reconnaissance phase in ethical hacking. It involves gathering detailed information about a web server's structure, external links, available directories, scripts, and technologies in use.
Techniques include:
* Spidering the site to map all accessible URLs and file paths
* Identifying hidden directories or backup files
* Analyzing page structures and URL patterns
This information helps attackers identify areas to target for further scanning or exploitation.
Incorrect Options:
* A. Vulnerability scanning is active testing, not passive footprinting.
* C. System-level data is gathered in OS or network footprinting.
* D. Brute-force attacks are exploitation techniques, not reconnaissance.
Reference - CEH v13 Official Courseware:
Module 02: Footprinting and Reconnaissance
Section: "Web Server Footprinting Techniques"
Tool Reference: HTTrack, Burp Spider, OWASP ZAP
NEW QUESTION # 44
What is the algorithm used by LM for Windows 2000 SAM?
- A. MD4
- B. SSL
- C. SHA
- D. DES
Answer: D
Explanation:
LAN Manager (LM) hashes are legacy password hashing methods used in older Windows systems (including Windows 2000 for backward compatibility). LM hashing works by:
* Converting the password to uppercase.
* Padding or truncating it to 14 characters.
* Splitting it into two 7-character halves.
* Using each half as a DES key to encrypt a known constant ("KGS!@#$%").
Therefore, LM hashing uses the DES (Data Encryption Standard) algorithm.
From CEH v13 Official Courseware:
* Module 6: Malware Threats # Password Storage and LM Hash Structure
Reference:CEH v13 Study Guide - Module 6: Windows Password StorageMicrosoft Security Documentation
- LM/NTLM Authentication
NEW QUESTION # 45
Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine.
Joel waits for the victim to access the infected web application so as to compromise the victim's machine.
Which of the following techniques is used by Joel in the above scenario?
- A. MarioNet attack
- B. Clickjacking attack
- C. Watering hole attack
- D. DNS rebinding attack
Answer: C
Explanation:
Web Application Threats - Watering Hole Attack In a watering hole attack, the attacker identifies the kinds of websites a target company/individual frequently surfs and tests those particular websites to identify any possible vulnerabilities. Attacker injects malicious script/code into the web application that can redirect the webpage and download malware onto the victim machine. (P.1797/1781)
NEW QUESTION # 46
which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker?
- A. Honeypot
- B. BotnetD Firewall
- C. intrusion detection system
Answer: A
Explanation:
A honeypot may be a trap that an IT pro lays for a malicious hacker, hoping that they will interact with it during a way that gives useful intelligence. It's one among the oldest security measures in IT, but beware:
luring hackers onto your network, even on an isolated system, are often a dangerous game.
honeypot may be a good starting place: "A honeypot may be a computer or computing system intended to mimic likely targets of cyberattacks." Often a honeypot are going to be deliberately configured with known vulnerabilities in situation to form a more tempting or obvious target for attackers. A honeypot won't contain production data or participate in legitimate traffic on your network - that's how you'll tell anything happening within it's a results of an attack. If someone's stopping by, they're up to no good.
That definition covers a various array of systems, from bare-bones virtual machines that only offer a couple of vulnerable systems to ornately constructed fake networks spanning multiple servers. and therefore the goals of these who build honeypots can vary widely also , starting from defense thorough to academic research.
additionally , there's now an entire marketing category of deception technology that, while not meeting the strict definition of a honeypot, is certainly within the same family. But we'll get thereto during a moment.
honeypots aim to permit close analysis of how hackers do their dirty work. The team controlling the honeypot can watch the techniques hackers use to infiltrate systems, escalate privileges, and otherwise run amok through target networks. These sorts of honeypots are found out by security companies, academics, and government agencies looking to look at the threat landscape. Their creators could also be curious about learning what kind of attacks are out there, getting details on how specific sorts of attacks work, or maybe trying to lure a specific hackers within the hopes of tracing the attack back to its source. These systems are often inbuilt fully isolated lab environments, which ensures that any breaches don't end in non-honeypot machines falling prey to attacks.
Production honeypots, on the opposite hand, are usually deployed in proximity to some organization's production infrastructure, though measures are taken to isolate it the maximum amount as possible. These honeypots often serve both as bait to distract hackers who could also be trying to interrupt into that organization's network, keeping them faraway from valuable data or services; they will also function a canary within the coalpit , indicating that attacks are underway and are a minimum of partially succeeding.
NEW QUESTION # 47
There have been concerns in your network that the wireless network component is not sufficiently secure.
You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption, what encryption protocol is being used?
- A. RADIUS
- B. WPA3
- C. WPA
- D. WEP
Answer: D
Explanation:
Wired Equivalent Privacy (WEP) may be a security protocol, laid out in the IEEE wireless local area network (Wi-Fi) standard, 802.11b, that's designed to supply a wireless local area network (WLAN) with A level of security and privacy like what's usually expected of a wired LAN. A wired local area network (LAN) is usually protected by physical security mechanisms (controlled access to a building, for example) that are effective for a controlled physical environment, but could also be ineffective for WLANs because radio waves aren't necessarily bound by the walls containing the network. WEP seeks to determine similar protection thereto offered by the wired network's physical security measures by encrypting data transmitted over the WLAN. encoding protects the vulnerable wireless link between clients and access points; once this measure has been taken, other typical LAN security mechanisms like password protection, end-to-end encryption, virtual private networks (VPNs), and authentication are often put in situ to make sure privacy.
A research group from the University of California at Berkeley recently published a report citing "major security flaws" in WEP that left WLANs using the protocol susceptible to attacks (called wireless equivalent privacy attacks). within the course of the group's examination of the technology, they were ready to intercept and modify transmissions and gain access to restricted networks. The Wireless Ethernet Compatibility Alliance (WECA) claims that WEP - which is included in many networking products - was never intended to be the only security mechanism for a WLAN, and that, in conjunction with traditional security practices, it's very effective.
NEW QUESTION # 48
You have been hired as an intern at a start-up company. Your first task is to help set up a basic web server for the company's new website. The team leader has asked you to make sure the server is secure from common - threats. Based on your knowledge from studying for the CEH exam, which of the following actions should be your priority to secure the web server?
- A. Installing a web application firewall
- B. limiting the number of concurrent connections to the server
- C. Regularly updating and patching the server software
- D. Encrypting the company's website with SSL/TLS
Answer: C
Explanation:
One of the most important actions to secure a web server from common threats is to regularly update and patch the server software. This includes the operating system, the web server software, the database software, and any other applications or frameworks that run on the server. Updating and patching the server software can fix known vulnerabilities, bugs, or errors that could be exploited by attackers to compromise the server or the website. Failing to update and patch the server software can expose the server to common attacks, such as SQL injection, cross-site scripting, remote code execution, denial-of-service, etc.
Installing a web application firewall, limiting the number of concurrent connections to the server, and encrypting the company's website with SSL/TLS are also good practices to secure a web server, but they are not as critical as updating and patching the server software. A web application firewall can filter and block malicious requests, but it cannot prevent attacks that exploit unpatched vulnerabilities in the server software.
Limiting the number of concurrent connections to the server can prevent overload and improve performance, but it cannot stop attackers from sending malicious requests or payloads. Encrypting the company's website with SSL/TLS can protect the data in transit between the server and the client, but it cannot protect the data at rest on the server or prevent attacks that target the server itself.
Therefore, the priority action to secure a web server from common threats is to regularly update and patch the server software.
References:
* Web Server Security- Beginner's Guide - Astra Security Blog
* Top 10 Web Server Security Best Practices | Liquid Web
* 21 Server Security Tips & Best Practices To Secure Your Server - phoenixNAP
NEW QUESTION # 49
A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete.
Which attack is being described here?
- A. Session splicing
- B. Desynchronization
- C. Phlashing
- D. Slowloris attack
Answer: D
Explanation:
Developed by Robert "RSnake" Hansen, Slowloris is DDoS attack software that permits one computer to require down an internet server. Due the straightforward yet elegant nature of this attack, it requires minimal bandwidth to implement and affects the target server's web server only, with almost no side effects on other services and ports.
Slowloris has proven highly-effective against many popular sorts of web server software, including Apache 1.
x and 2.x.
Over the years, Slowloris has been credited with variety of high-profile server takedowns. Notably, it had been used extensively by Iranian 'hackivists' following the 2009 Iranian presidential election to attack Iranian government internet sites .
Slowloris works by opening multiple connections to the targeted web server and keeping them open as long as possible. It does this by continuously sending partial HTTP requests, none of which are ever completed. The attacked servers open more and connections open, expecting each of the attack requests to be completed.
Periodically, the Slowloris sends subsequent HTTP headers for every request, but never actually completes the request. Ultimately, the targeted server's maximum concurrent connection pool is filled, and extra (legitimate) connection attempts are denied.
By sending partial, as against malformed, packets, Slowloris can easily elapse traditional Intrusion Detection systems.
Named after a kind of slow-moving Asian primate, Slowloris really does win the race by moving slowly and steadily. A Slowloris attack must await sockets to be released by legitimate requests before consuming them one by one.
For a high-volume internet site , this will take a while . the method are often further slowed if legitimate sessions are reinitiated. But within the end, if the attack is unmitigated, Slowloris-like the tortoise-wins the race.
If undetected or unmitigated, Slowloris attacks also can last for long periods of your time . When attacked sockets outing , Slowloris simply reinitiates the connections, continuing to reach the online server until mitigated.
Designed for stealth also as efficacy, Slowloris are often modified to send different host headers within the event that a virtual host is targeted, and logs are stored separately for every virtual host.
More importantly, within the course of an attack, Slowloris are often set to suppress log file creation. this suggests the attack can catch unmonitored servers off-guard, with none red flags appearing in log file entries.
Methods of mitigation
Imperva's security services are enabled by reverse proxy technology, used for inspection of all incoming requests on their thanks to the clients' servers.
Imperva's secured proxy won't forward any partial connection requests-rendering all Slowloris DDoS attack attempts completely and utterly useless.
NEW QUESTION # 50
What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?
- A. AndroidManifest.xml
- B. resources.asrc
- C. APK.info
- D. classes.dex
Answer: A
Explanation:
The AndroidManifest.xml file contains information of your package, including components of the appliance like activities, services, broadcast receivers, content providers etc.
It performs another tasks also:
* it's responsible to guard the appliance to access any protected parts by providing the permissions.
* It also declares the android api that the appliance goes to use.
* It lists the instrumentation classes. The instrumentation classes provides profiling and other informations.
These informations are removed just before the appliance is published etc.
This is the specified xml file for all the android application and located inside the basis directory.
NEW QUESTION # 51
During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.
What is this type of DNS configuration commonly called?
- A. DNS Scheme
- B. DynDNS
- C. Split DNS
- D. DNSSEC
Answer: C
NEW QUESTION # 52
Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He's determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?
- A. Blind SQL injection
- B. Union-based SQL injection
- C. Error-based SQL injection
- D. NoSQL injection
Answer: A
NEW QUESTION # 53
Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days. Sieve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?
- A. Piggybacking
- B. Diversion theft
- C. Baiting
- D. Honey trap
Answer: D
Explanation:
The honey trap is a technique where an attacker targets a person online by pretending to be an attractive person and then begins a fake online relationship to obtain confidential information about the target company.
In this technique, the victim is an insider who possesses critical information about the target organization.
Baiting is a technique in which attackers offer end users something alluring in exchange for important information such as login details and other sensitive data. This technique relies on the curiosity and greed of the end-users. Attackers perform this technique by leaving a physical device such as a USB flash drive containing malicious files in locations where people can easily find them, such as parking lots, elevators, and bathrooms. This physical device is labeled with a legitimate company's logo, thereby tricking end-users into trusting it and opening it on their systems. Once the victim connects and opens the device, a malicious file downloads. It infects the system and allows the attacker to take control.
For example, an attacker leaves some bait in the form of a USB drive in the elevator with the label "Employee Salary Information 2019" and a legitimate company's logo. Out of curiosity and greed, the victim picks up the device and opens it up on their system, which downloads the bait. Once the bait is downloaded, a piece of malicious software installs on the victim's system, giving the attacker access.
NEW QUESTION # 54
An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password. What kind of attack is this?
- A. Phishing attack
- B. War driving attack
- C. MAC spoofing attack
- D. Evil-twin attack
Answer: D
Explanation:
Wireless Threats - Confidentiality Attacks Launch of Wireless Attacks: Evil Twin Evil Twin is a wireless AP that pretends to be a legitimate AP by replicating another network name. Attackers set up a rogue AP outside the corporate perimeter and lures users to sign into the wrong AP. (P.2297/2281)
NEW QUESTION # 55
User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?
- A. Session
- B. Transport
- C. Presentation
- D. Application
Answer: C
Explanation:
https://en.wikipedia.org/wiki/Presentation_layer
In the seven-layer OSI model of computer networking, the presentation layer is layer 6 and serves as the data translator for the network. It is sometimes called the syntax layer. The presentation layer is responsible for the formatting and delivery of information to the application layer for further processing or display.
Encryption is typically done at this level too, although it can be done on the application, session, transport, or network layers, each having its own advantages and disadvantages. Decryption is also handled at the presentation layer. For example, when logging on to bank account sites the presentation layer will decrypt the data as it is received.
NEW QUESTION # 56
You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.
Dear valued customers,
We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:
or you may contact us at the following address:
Media Internet Consultants, Edif. Neptuno, Planta
Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama
How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?
- A. Connect to the site using SSL, if you are successful then the website is genuine
- B. Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site
- C. Look at the website design, if it looks professional then it is a Real Anti-Virus website
- D. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
- E. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
Answer: B
NEW QUESTION # 57
You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.
invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!
What seems to be wrong?
- A. The outgoing TCP/IP fingerprinting is blocked by the host firewall.
- B. OS Scan requires root privileges.
- C. The nmap syntax is wrong.
- D. This is a common behavior for a corrupted nmap application.
Answer: B
NEW QUESTION # 58
What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?
- A. The attacker queries a nameserver using the DNS resolver.
- B. The attacker uses TCP to poison the ONS resofver.
- C. The attacker makes a request to the DNS resolver.
- D. The attacker forges a reply from the DNS resolver.
Answer: C
Explanation:
https://ru.wikipedia.org/wiki/DNS_spoofing
DNS spoofing is a threat that copies the legitimate server destinations to divert the domain's traffic. Ignorant these attacks, the users are redirected to malicious websites, which results in insensitive and personal data being leaked. It is a method of attack where your DNS server is tricked into saving a fake DNS entry. This will make the DNS server recall a fake site for you, thereby posing a threat to vital information stored on your server or computer.
The cache poisoning codes are often found in URLs sent through spam emails. These emails are sent to prompt users to click on the URL, which infects their computer. When the computer is poisoned, it will divert you to a fake IP address that looks like a real thing. This way, the threats are injected into your systems as well.
Different Stages of Attack of DNS Cache Poisoning:
- The attacker proceeds to send DNS queries to the DNS resolver, which forwards the Root/TLD authoritative DNS server request and awaits an answer.
- The attacker overloads the DNS with poisoned responses that contain several IP addresses of the malicious website. To be accepted by the DNS resolver, the attacker's response should match a port number and the query ID field before the DNS response. Also, the attackers can force its response to increasing their chance of success.
- If you are a legitimate user who queries this DNS resolver, you will get a poisoned response from the cache, and you will be automatically redirected to the malicious website.
NEW QUESTION # 59
infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?
- A. Gaining access
- B. Scanning
- C. Reconnaissance
- D. Maintaining access
Answer: A
Explanation:
This phase having the hacker uses different techniques and tools to realize maximum data from the system.
they're -
* Password cracking - Methods like Bruteforce, dictionary attack, rule-based attack, rainbow table are used.
Bruteforce is trying all combinations of the password. Dictionary attack is trying an inventory of meaningful words until the password matches. Rainbow table takes the hash value of the password and compares with pre- computed hash values until a match is discovered.
* Password attacks - Passive attacks like wire sniffing, replay attack. Active online attack like Trojans, keyloggers, hash injection, phishing. Offline attacks like pre-computed hash, distributed network and rainbow. Non electronic attack like shoulder surfing, social engineering and dumpster diving.
NEW QUESTION # 60
What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the provider's environment?
- A. Heuristics based
- B. Cloud based
- C. Honeypot based
- D. Behavioral based
Answer: B
Explanation:
Cloud-based antivirus relies on data collected from endpoint devices and sends that data to cloud servers for real-time malware analysis. This allows rapid updates and detection of new threats without waiting for local signature updates.
# Reference - CEH v13 Official Study Guide, Module 20: Cryptography and Malware
"Cloud-based detection systems analyze suspicious files and behaviors in the provider's environment, enabling faster response and reduced endpoint resource usage."
# Incorrect options:
A). Behavioral-based detection monitors live activity locally.
B). Heuristic-based detection uses rules or behavior patterns locally.
C). Honeypots are decoys for detecting attackers, not antivirus methods.
NEW QUESTION # 61
......
312-50v13 Dumps To Pass CEH v13 Exam in One Day: https://www.vce4dumps.com/312-50v13-valid-torrent.html
100% Guaranteed Results 312-50v13 Unlimited 569 Questions: https://drive.google.com/open?id=1E-ZY2L3uX7whf5yfx34NVI5se9xhbpYX