Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free ECCouncil 312-50v13 Practice Exam with Questions & Answers | Set: 5

Questions 61

During a penetration test at Pacific Trust Bank in Seattle, ethical hacker Mia Chen suspects that a server hosting customer transaction data may be a honeypot. To investigate, she repeatedly sends crafted queries and observes how quickly the system responds. She notices that responses are consistently faster and more uniform than those of other production servers, raising her suspicion that the environment is designed to lure attackers.

Which technique is Mia most likely using to determine if the server is a honeypot?

Options:
A.

Analyzing MAC Address

B.

Analyzing Response Time

C.

Fingerprinting the Running Service

D.

Analyzing System Configuration and Metadata

ECCouncil 312-50v13 Premium Access
Questions 62

Emily, a security engineer at a Chicago-based healthcare provider, is auditing the organization ' s new cloud environment after a breach where sensitive patient records were exposed. Her investigation reveals that the root cause was the lack of encryption during data transmission between end-user devices and cloud storage. To mitigate this issue and align with HIPAA compliance requirements, Emily must prioritize addressing the correct cloud computing security risk.

Which cloud computing threat should Emily address to mitigate the risk of sensitive data being exposed during transmission?

Options:
A.

Multi-Tenancy and Physical Security

B.

Incidence Analysis and Forensic Support

C.

Service and Data Integration

D.

Infrastructure Security

Questions 63

A city’s power management system relies on SCADA infrastructure. Recent anomalies include inconsistent sensor readings and intermittent outages. Security analysts suspect a side-channel attack designed to extract sensitive information covertly from SCADA devices. Which investigative technique would best confirm this type of attack?

Options:
A.

Measuring unusual physical or electrical fluctuations during device operation at the hardware level.

B.

Identifying weak cryptographic configurations in device communications.

C.

Assessing SCADA user interfaces for unauthorized access or misuse.

Questions 64

You are an ethical hacker at RedOak Cyber Solutions, contracted to perform a penetration test for MetroHealth Hospital in Cleveland, Ohio. While assessing the hospital ' s appointment booking portal, you craft and submit multiple malicious inputs into the patient search field. One of your payloads successfully manipulates the backend query, returning additional appointment data that was not intended to be displayed.

Based on the observed behavior, which step of the SQL injection methodology are you performing?

Options:
A.

Identifying Data Entry Paths

B.

Launching SQL Injection Attacks

C.

Database Enumeration

D.

Information Gathering and Vulnerability Detection

Questions 65

During an authorized engagement at IronClad Financial Services in Charlotte, the red team successfully exploits a weakness and obtains administrative access to a critical server. After achieving this objective, the team installs a backdoor mechanism to ensure continued access even if the original vulnerability is remediated. The team documents this activity as part of demonstrating long-term adversary behavior within the approved scope.

Within the CEH ethical hacking framework, which phase does this activity represent?

Options:
A.

Reconnaissance

B.

Vulnerability Scanning

C.

Maintaining Access

D.

Clearing Tracks

Questions 66

A penetration tester is assessing an IoT thermostat used in a smart home system. The device communicates with a cloud server for updates and commands. The tester discovers that communication between the device and the cloud server is not encrypted. What is the most effective way to exploit this vulnerability?

Options:
A.

Conduct a Cross-Site Scripting (XSS) attack on the thermostat’s web interface

B.

Perform a brute-force attack on the thermostat’s local admin login

C.

Execute a SQL injection attack on the cloud server ' s login page

D.

Use a man-in-the-middle (MitM) attack to intercept and manipulate unencrypted communication

Questions 67

During a penetration test at a logistics company in Atlanta, Georgia, you examine the configuration of network devices and discover that they rely on legacy communication mechanisms lacking encryption and integrity checks. These mechanisms allow neighboring systems to exchange operational data without verification, exposing the infrastructure to potential manipulation. What type of vulnerability is most clearly present?

Options:
A.

Firewall vulnerabilities

B.

Lack of password protection

C.

Lack of authentication

D.

Insecure routing protocols

Questions 68

During a black-box security assessment of a large enterprise network, the penetration tester scans the internal environment and identifies that TCP port 389 is open on a domain controller. Upon further investigation, the tester runs the ldapsearch utility without providing any authentication credentials and successfully retrieves a list of usernames, email addresses, and departmental affiliations from the LDAP directory. The tester notes that this sensitive information was disclosed without triggering any access control mechanisms or requiring login credentials. Based on this behavior, what type of LDAP access mechanism is most likely being exploited?

Options:
A.

LDAP over SSL (LDAPS)

B.

Authenticated LDAP with Kerberos

C.

Anonymous LDAP binding

D.

LDAP via RADIUS relay

Questions 69

A digital publishing firm in Charlotte, North Carolina, noticed suspicious probing activity against its public website. To proactively assess exposure, the security team initiated a focused scan of the company ' s HTTP servers. The chosen tool examined server headers, identified installed web server software through file signatures and favicon analysis, checked for outdated components, and searched for potentially dangerous files and misconfigurations. The scan also supported SSL connections and generated exportable reports in multiple formats for documentation. Which vulnerability assessment tool most closely aligns with the capabilities described?

Options:
A.

OpenVAS

B.

Nessus

C.

Qualys VM

D.

Nikto

Questions 70

Which action would most effectively increase the security of a virtual-hosted web server?

Options:
A.

Implement LAMP architecture

B.

Change IP addresses regularly

C.

Regularly update and patch server software

D.

Move document root to another disk

Questions 71

Abnormal DNS resolution behavior is detected on an internal network. Users are redirected to altered login pages. DNS replies come from an unauthorized internal IP and are faster than legitimate responses. ARP spoofing alerts are also detected. What sniffing-based attack is most likely occurring?

Options:
A.

Internet DNS spoofing

B.

Intranet DNS poisoning via local spoofed responses

C.

Proxy-based DNS redirection

D.

Upstream DNS cache poisoning

Questions 72

An ethical hacker needs to gather detailed information about a company ' s internal network without initiating any direct interaction that could be logged or raise suspicion. Which approach should be used to obtain this information covertly?

Options:
A.

Analyze the company ' s SSL certificates for internal details

B.

Examine email headers from past communications with the company

C.

Inspect public WHOIS records for hidden network data

D.

Utilize network scanning tools to map the company ' s IP range

Questions 73

A penetration tester detects malware on a system that secretly records all keystrokes entered by the user. What type of malware is this?

Options:
A.

Rootkit

B.

Ransomware

C.

Keylogger

D.

Worm

Questions 74

Which vulnerability exploits memory corruption?

Options:
A.

XSS

B.

Buffer overflow

C.

CSRF

D.

SQLi

Questions 75

A penetration tester needs to identify open ports and services on a target network without triggering the organization ' s intrusion detection systems, which are configured to detect high-volume traffic and common scanning techniques. To achieve stealth, the tester decides to use a method that spreads out the scan over an extended period. Which scanning technique should the tester employ to minimize the risk of detection?

Options:
A.

Use a stealth scan by adjusting the scan timing options to be slow and random

B.

Perform a TCP SYN scan using a fast scan rate

C.

Execute a UDP scan targeting all ports simultaneously

D.

Conduct a TCP Xmas scan sending packets with all flags set