Pass the ECCouncil CEH v13 312-50v13 Questions and answers with Dumpstech

A digital signature is created by hashing the document and encrypting that hash with the sender’s private key. Since the hash is specific to the original content, any change to the document invalidates the signature, making it non-transferable to another document.

Reference – CEH v13 Official Study Guide:

Module 20: Cryptography

Quote:

“Digital signatures are based on hashing the document and signing the digest with the private key. This makes each signature unique to the document and ensures tamper resistance.”

Incorrect Options:

B. Incorrect — signature is tied to one document.

C. Hashes are not plain; they are encrypted.

D. Keys can be reused, but signatures are document-specific.

Comprehensive and Detailed Explanation:

Social engineering is a psychological manipulation technique used by attackers to trick individuals into divulging confidential or personal information that may be used for fraudulent purposes.

It relies on human interaction and may involve tactics such as:

Impersonation

Pretexting

Phishing

Baiting

Rather than attacking systems directly, attackers exploit human trust and error.

From CEH v13 Courseware:

Module 7: Social Engineering

The php.ini file may be a special file for PHP. it’s where you declare changes to your PHP settings. The server is already configured with standard settings for PHP, which your site will use by default. Unless you would like to vary one or more settings, there’s no got to create or modify a php.ini file. If you’d wish to make any changes to settings, please do so through the MultiPHP INI Editor.

IoT devices often suffer from weak or missing encryption protocols, creating opportunities for attackers to intercept sensitive information. CEH courseware highlights that when device-to-app communication occurs in plaintext, a man-in-the-middle attack becomes one of the most effective exploitation methods. By positioning themselves between the device and the mobile application, the attacker can observe all transmitted data, including configuration updates, authentication tokens, and personal information. Tools such as Wireshark, mitmproxy, and specialized IoT interception frameworks allow testers to capture packets, decode protocols, and reconstruct application logic. The CEH curriculum stresses the importance of evaluating IoT device communication channels, because many rely on unsecured HTTP or proprietary plaintext protocols. Brute-force attempts, SQL injection, or dictionary attacks do not directly target the device–app communication pathway and would not exploit the fundamental weakness present here: lack of encryption. A MitM attack directly takes advantage of this flaw and provides comprehensive visibility into all transmitted data, making it the most effective and CEH-aligned method of exploitation.

Banner grabbing is a technique wont to gain info about a computer system on a network and the services running on its open ports. administrators will use this to take inventory of the systems and services on their network. However, an to find will use banner grabbing so as to search out network hosts that are running versions of applications and operating systems with known exploits.

Some samples of service ports used for banner grabbing are those used by Hyper Text Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP); ports 80, 21, and 25 severally. Tools normally used to perform banner grabbing are Telnet, nmap and Netcat.

For example, one may establish a connection to a target internet server using Netcat, then send an HTTP request. The response can usually contain info about the service running on the host:

This information may be used by an administrator to catalog this system, or by an intruder to narrow down a list of applicable exploits.

To prevent this, network administrators should restrict access to services on their networks and shut down unused or unnecessary services running on network hosts. Shodan is a search engine for banners grabbed from portscanning the Internet.

A man-in-the-middle attack using forged ICMP and ARP spoofing is a type of network-level session hijacking attack where an attacker inserts their machine into the communication between a client and a server, making it seem like the packets are flowing through the original path. This technique is primarily used to reroute the packets and intercept or modify the data exchanged between the client and the server.

A man-in-the-middle attack using forged ICMP and ARP spoofing works as follows1:

The attacker sends a forged ICMP redirect message to the client, claiming to be the gateway. The ICMP redirect message tells the client to use the attacker’s machine as the next hop for reaching the server’s network. The client updates its routing table accordingly and starts sending packets to the attacker’s machine instead of the gateway.

The attacker also sends a forged ARP reply message to the client, claiming to be the server. The ARP reply message associates the attacker’s MAC address with the server’s IP address. The client updates its ARP cache accordingly and starts sending packets to the attacker’s MAC address instead of the server’s MAC address.

The attacker receives the packets from the client and forwards them to the server, acting as a relay. The attacker can also monitor, modify, or drop the packets as they wish. The server responds to the packets and sends them back to the attacker, who then forwards them to the client. The client and the server are unaware of the attacker’s presence and think they are communicating directly with each other.

Therefore, Jake is studying a man-in-the-middle attack using forged ICMP and ARP spoofing, which is a type of network-level session hijacking attack.

The SOA (Start of Authority) record is a DNS record that defines the authoritative information about a domain. Its format includes the following fields:

(domain) IN SOA (Primary Name Server) (Responsible Email)

(Serial) (Refresh) (Retry) (Expire) (Minimum TTL)

Given:

Rutgers.edu. SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

Field values:

Serial: 200302028 (→ This is the version number of the zone file.)

Refresh: 3600 seconds

Retry: 3600 seconds

Expire: 604800 seconds

Minimum TTL: 2400 seconds

These values represent key configurations and are all part of the SOA record's operational data.

A: 200302028 = Serial/version (correct)

B: 3600 = Refresh (correct)

C: 604800 = Expire (correct)

D: 2400 = Minimum TTL (correct)

Incorrect Options:

E and F (60, 4800): Not part of the SOA record shown.

CEH v13 explains that WPA2-Enterprise replaces the static, shared password model of WPA2-Personal with a centralized authentication system that relies on the 802.1X framework. The essential component of this architecture is RADIUS integrated with EAP, which manages user authentication, device identity verification, and dynamic session key generation. RADIUS acts as the backend authentication server, while EAP provides a flexible authentication framework supporting certificates, smartcards, or credentials. This combination allows organizations to enforce per-user access control policies, revoke individual users without changing network-wide passwords, and generate unique Pairwise Master Keys (PMKs) for every authenticated session. CEH highlights that one of the major advantages of WPA2-Enterprise is its ability to produce unique encryption keys for each client, preventing key reuse and mitigating lateral movement if one device is compromised. Certificate-based EAP types such as EAP-TLS introduce mutual authentication, ensuring both client and server validate each other’s identity before allowing network access. This significantly increases security posture compared to PSK networks, which cannot scale securely for large enterprise deployments.

CEH defines botnets as networks of compromised machines controlled remotely to perform coordinated activities such as DDoS attacks, spam campaigns, and credential theft. Systems showing outbound connections to unknown IPs and participating in mass spam dissemination are characteristic indicators of botnet infection.

MAC flooding is a Layer 2 attack in which an attacker sends a large number of fake MAC addresses to a switch, filling up its CAM (Content Addressable Memory) table. Once the table is full:

The switch enters “fail-open” mode and broadcasts traffic to all ports

The attacker can then sniff sensitive traffic

This attack effectively turns a switch into a hub, facilitating data sniffing.

Incorrect Options:

A. Evil twin is a wireless attack using rogue access points.

B. DNS cache flooding corrupts DNS entries, unrelated to Ethernet.

D. DDoS attacks are about overwhelming systems/services, not Layer 2 memory overflows.

Reference – CEH v13 Official Courseware:

Module 11: Sniffing

Section: “Switch Port Stealing and MAC Flooding”

Subsection: “Layer 2 Attacks and CAM Table Poisoning”

===========

Agent Smith Attack

Agent Smith attacks are carried out by luring victims into downloading and installing malicious

apps designed and published by attackers in the form of games, photo editors, or other

attractive tools from third-party app stores such as 9Apps. Once the user has installed the app,

the core malicious code inside the application infects or replaces the legitimate apps in the

victim's mobile device C&C commands. The deceptive application replaces legitimate apps such

as WhatsApp, SHAREit, and MX Player with similar infected versions. The application sometimes

also appears to be an authentic Google product such as Google Updater or Themes. The

attacker then produces a massive volume of irrelevant and fraudulent advertisements on the

victim's device through the infected app for financial gain. Attackers exploit these apps to steal

critical information such as personal information, credentials, and bank details, from the

victim's mobile device through C&C commands.

A honeypot may be a trap that an IT pro lays for a malicious hacker, hoping that they will interact with it during a way that gives useful intelligence. It’s one among the oldest security measures in IT, but beware: luring hackers onto your network, even on an isolated system, are often a dangerous game.

honeypot may be a good starting place: “A honeypot may be a computer or computing system intended to mimic likely targets of cyberattacks.” Often a honeypot are going to be deliberately configured with known vulnerabilities in situation to form a more tempting or obvious target for attackers. A honeypot won’t contain production data or participate in legitimate traffic on your network — that’s how you’ll tell anything happening within it’s a results of an attack. If someone’s stopping by, they’re up to no good.

That definition covers a various array of systems, from bare-bones virtual machines that only offer a couple of vulnerable systems to ornately constructed fake networks spanning multiple servers. and therefore the goals of these who build honeypots can vary widely also , starting from defense thorough to academic research. additionally , there’s now an entire marketing category of deception technology that, while not meeting the strict definition of a honeypot, is certainly within the same family. But we’ll get thereto during a moment.

honeypots aim to permit close analysis of how hackers do their dirty work. The team controlling the honeypot can watch the techniques hackers use to infiltrate systems, escalate privileges, and otherwise run amok through target networks. These sorts of honeypots are found out by security companies, academics, and government agencies looking to look at the threat landscape. Their creators could also be curious about learning what kind of attacks are out there, getting details on how specific sorts of attacks work, or maybe trying to lure a specific hackers within the hopes of tracing the attack back to its source. These systems are often inbuilt fully isolated lab environments, which ensures that any breaches don’t end in non-honeypot machines falling prey to attacks.

Production honeypots, on the opposite hand, are usually deployed in proximity to some organization’s production infrastructure, though measures are taken to isolate it the maximum amount as possible. These honeypots often serve both as bait to distract hackers who could also be trying to interrupt into that organization’s network, keeping them faraway from valuable data or services; they will also function a canary within the coalpit , indicating that attacks are underway and are a minimum of partially succeeding.

Tess King is attempting to gather all DNS records from a target zone. This process is referred to as a zone transfer (AXFR), which is typically performed by secondary name servers to synchronize DNS data with the primary. If improperly secured, attackers can initiate unauthorized zone transfers to enumerate valuable information such as:

Hostnames

IP addresses

Mail servers

Name servers

CEH v13 defines a zone transfer as a crucial step in DNS enumeration.

From CEH v13 Official Courseware:

Module 3: Scanning Networks

Topic: DNS Enumeration → Zone Transfers

CEH v13 Study Guide states:

“A zone transfer (AXFR) is a DNS transaction used to replicate DNS databases. Attackers can exploit this feature to extract all DNS information from an improperly secured server.”

Incorrect Options:

A. Zone harvesting is not a formal term.

C. Zone update refers to DNS dynamic update operations (e.g., DDNS).

D. Zone estimate is not a DNS-related process.

CEH identifies insecure data transfer as a critical IoT weakness. Outdated encryption protocols such as SSLv2 fail to protect confidentiality or integrity. Without strong encryption and authentication, attackers can intercept, decrypt, and manipulate video feeds.

An iPhone client’s most noticeably terrible bad dream is to have somebody oversee his/her gadget, including the capacity to record and control all action without waiting be in a similar room. In this blog entry, we present another weakness called “Trustjacking”, which permits an aggressor to do precisely that.

This weakness misuses an iOS highlight called iTunes Wi-Fi sync, which permits a client to deal with their iOS gadget without genuinely interfacing it to their PC. A solitary tap by the iOS gadget proprietor when the two are associated with a similar organization permits an assailant to oversee the gadget. Furthermore, we will stroll through past related weaknesses and show the progressions that iPhone has made to alleviate them, and why these are adequately not to forestall comparative assaults.

After interfacing an iOS gadget to another PC, the clients are being found out if they trust the associated PC or not. Deciding to believe the PC permits it to speak with the iOS gadget by means of the standard iTunes APIs.

This permits the PC to get to the photographs on the gadget, perform reinforcement, introduce applications and considerably more, without requiring another affirmation from the client and with no recognizable sign. Besides, this permits enacting the “iTunes Wi-Fi sync” highlight, which makes it conceivable to proceed with this sort of correspondence with the gadget even after it has been detached from the PC, as long as the PC and the iOS gadget are associated with a similar organization. It is intriguing to take note of that empowering “iTunes Wi-Fi sync” doesn’t need the casualty’s endorsement and can be directed simply from the PC side.

Getting a live stream of the gadget’s screen should be possible effectively by consistently requesting screen captures and showing or recording them distantly.

It is imperative to take note of that other than the underlying single purpose of disappointment, approving the vindictive PC, there is no other component that forestalls this proceeded with access. Likewise, there isn’t anything that informs the clients that by approving the PC they permit admittance to their gadget even in the wake of detaching the USB link.