Free ECCouncil 312-50v13 Practice Exam with Questions & Answers | Set: 6

Guardster is an anonymizing proxy service that allows users to:

Mask their real IP address

Bypass content filters and access restricted websites

Maintain anonymity while browsing or engaging in online activities

It functions as a middleman between the user and target sites, hiding user identities.

Incorrect Options:

A. Baidu is a Chinese search engine.

C. WolframAlpha is a computational search engine.

D. Karma Decay is a reverse image search engine for Reddit.

Reference – CEH v13 Official Courseware:

Module 02: Footprinting and Reconnaissance

Section: “Anonymous Browsing Tools and Techniques”

Subsection: “Proxy and Anonymizing Services”

The command uses sqlmap, a powerful SQL injection and database penetration testing tool. The flag -u specifies the target URL, and -dbs instructs sqlmap to enumerate the available databases on the DBMS behind that URL.

Command Breakdown:

-u: Target URL with injectable parameters

-dbs: Retrieve and enumerate all available database names

This is a common first step in identifying vulnerable DBMS structures after confirming SQL injection.

Incorrect Options:

A. Backdoor creation is not the default function of sqlmap.

C. Retrieving SQL statements would require additional options like --trace or --sql-query.

D. Option D is not technically accurate—sqlmap is used for injection and enumeration, not searching statements.

Reference – CEH v13 Official Courseware:

Module 14: Hacking Web Applications

Section: “SQL Injection Tools and Automation”

Tool Reference: sqlmap usage and options

===========

CEH’s social engineering principles highlight psychological manipulation techniques such as authority, urgency, trust exploitation, and impersonation. In this scenario, the attacker leverages “perceived authority,” a powerful influence tactic where the social engineer poses as someone with legitimate power or sanctioned access—such as a technician, auditor, or vendor representative. CEH emphasizes that referencing real employee names, using technical terminology, and impersonating trusted third-party partners increases believability and reduces verification resistance. The receptionist’s acceptance of the attacker’s presence without verifying credentials matches classical authority-based exploitation. Leaked credentials, physical security logs, and network segmentation issues do not relate to human-layer social engineering. The situation clearly reflects the manipulation of trust and authority as described in CEH’s psychological attack vectors.

Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

Let's just disassemble this entry.

Mar 1, 2016, 7:33:28 AM - time of the request

10.240.250.23 - 54373 - client's IP and port

10.249.253.15 - server IP

- 22 - SSH port

Blind SQL Injection is a type of SQL injection attack where no error messages or data are directly returned to the attacker. Instead, the attacker sends specially crafted SQL queries that result in true or false responses. Based on how the application responds (such as redirecting to a different page or loading time), the attacker infers information about the backend database.

According to CEH v13:

Blind SQLi is used when standard SQL injection yields no visible output.

It comes in two forms:

Boolean-based: Infers information based on application behavior.

Time-based: Infers information based on server response time delays.

Incorrect Options:

A. Time-based SQLi is a sub-type of Blind SQLi, but the question describes Boolean-based behavior.

B. Union SQL injection uses the UNION keyword to fetch additional rows; requires visible output.

C. Error-based SQL injection relies on database error messages.

Reference – CEH v13 Official Courseware:

Module 14: Hacking Web Applications

Section: “Types of SQL Injection”

Subsection: “Blind SQL Injection (Boolean and Time-Based)”

===========

Comprehensive and Detailed Explanation:

Blind SQL injection is used when the application does not return errors or display query results. In such cases, attackers use inference methods such as:

Boolean-based queries

Time-based queries (e.g., using SLEEP or WAITFOR DELAY)

Elliot’s use of timing delays indicates a time-based blind SQL injection.

From CEH v13 Courseware:

Module 10: Web Application Hacking → SQL Injection Types

According to CEH v13 Module 06: Malware Threats, USB Dumper is a tool often used in insider threat or data exfiltration scenarios, where it automatically and silently copies files from any USB drive connected to a system.

It operates in the background and requires no user interaction once installed.

Files are copied from the USB to a pre-configured local directory.

USB Dumper is used in various penetration testing scenarios to simulate data theft using physical access.

Option Clarifications:

A. USB Grabber: Not a recognized standard tool in CEH or industry.

B. USB Snoopy: Used for monitoring USB communications (not silent copying).

C. USB Sniffer: Used for sniffing USB device communication traffic, not file theft.

D. USB Dumper: Correct tool for silently copying USB content.

Passive reconnaissance is emphasized throughout CEH as an essential method for gathering intelligence without alerting monitoring systems. When the tester cannot interact with the live site, they must rely entirely on third-party archives or cached content stored by search engines or internet archival services. Google’s cache function provides previously stored versions of web pages exactly for this purpose. CEH explains that attackers frequently use cached content to retrieve outdated login portals, administrative pages, exposed directories, or other sensitive elements that may no longer appear on the live web server. Unlike operators such as intext or intitle, which query live indexed metadata, the cache operator retrieves historical snapshots without accessing the target website. The link operator identifies backlinks but does not provide historical page content. Only the cache operator directly supports viewing previous versions of pages passively, aligning perfectly with the requirement to avoid detection while gathering intelligence on legacy web content.

CEH explains that MAC flooding overwhelms a switch’s CAM table, causing it to fail open. When the table fills, the switch broadcasts frames out all ports, behaving like a hub. This exposes unicast traffic to attackers operating in promiscuous mode.

1. AV (Asset value) = $300 + (14 * $10) = $440 - the cost of a hard drive plus the work of a recovery person, i.e.how much would it take to replace 1 asset? 10 hours for resorting the OS and soft + 4 hours for DB restore multiplies by hourly rate of the recovery person.

2. SLE (Single Loss Expectancy) = AV * EF (Exposure Factor) = $440 * 1 = $440

3. ARO (Annual rate of occurrence) = 1/3 (every three years, meaning the probability of occurring during 1 years is 1/3)

4. ALE (Annual Loss Expectancy) = SLE * ARO = 0.33 * $440 = $145.2

Comprehensive and Detailed Explanation:

The code shown in the image is indicative of a Cross-Site Scripting (XSS) attack, where malicious JavaScript is injected into a web page via user input. In this case, the attacker includes:

%3Cscript%20src=...%3E — URL-encoded JavaScript tag to load a malicious script from an external source.

If the web application echoes this input back without sanitization, the script will execute in the context of the victim’s browser.

This allows the attacker to:

Steal cookies/session tokens

Perform actions on behalf of the victim

Redirect the victim to malicious websites

From CEH v13 Courseware:

Module 10: Web Application Hacking → Cross-Site Scripting (XSS)

https://en.wikipedia.org/wiki/Web_application_firewall

A web application firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. By inspecting HTTP traffic, it can prevent attacks exploiting a web application's known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and improper system configuration.

CEH v13 explains that multi-vector DDoS attacks, especially those combining volumetric reflection (DNS amplification) with application-layer exhaustion (Slowloris), require multi-layered mitigation. Standard firewalls and IPS devices cannot handle large-scale distributed attacks without causing collateral damage to legitimate traffic. CEH emphasizes the need for hybrid DDoS protection, combining on-premises appliances for real-time local filtering with cloud-based scrubbing centers capable of absorbing massive volumetric floods. Cloud scrubbing removes malicious traffic upstream, while on-prem devices mitigate application-layer anomalies. Increasing bandwidth (Option A) is ineffective against reflection attacks. IPS (Option B) cannot handle Slowloris-style partial requests at scale. Blocking all external DNS/HTTP (Option C) would deny service to legitimate users. The correct CEH-aligned solution is hybrid DDoS mitigation services.

In CEH v13 Module 05: System Hacking, once an attacker gains access to hashed passwords, cracking tools are employed to reverse or brute-force them.

Tool Breakdown:

John the Ripper: A powerful password cracking tool that supports many hash formats.

Hashcat: GPU-based, extremely fast password hash cracking tool.

THC-Hydra: Used for online attacks (e.g., SSH, FTP brute force).

Netcat: Not a password cracking tool — it’s a network utility used for:

Remote shell connections

Banner grabbing

File transfers

Port scanning

Therefore:

C. Netcat is the correct answer — it is not used for password cracking.

A Gray Hat hacker operates between ethical (White Hat) and unethical (Black Hat) behavior. They might break into systems without permission but without malicious intent, often reporting vulnerabilities afterward. They perform both offensive and defensive activities.

???? Reference – CEH v13 Official Study Guide, Module 1: Introduction to Ethical Hacking

“Gray Hat hackers may violate ethical standards but not necessarily for personal or financial gain. They typically operate without malicious intent.”

❌ Incorrect options:

A. White Hats are ethical hackers.

B. Suicide Hackers attack without regard for being caught.

D. Black Hats are malicious hackers.