The CEH v13 courseware states that insecure communication occurs when mobile applications transmit sensitive data over unencrypted or weakly encrypted channels, exposing information to interception. When an application uses plain HTTP or does not properly validate certificates, attackers can place themselves between the client and server using a man-in-the-middle (MitM) attack. This allows them to read session tokens, credentials, API keys, or personal user data as it travels across the network. CEH materials emphasize that MitM attacks are the primary exploitation technique for insecure data transmission because they exploit weaknesses in transport-layer security rather than weaknesses in backend code or authentication mechanisms.
SQL injection and CSRF attacks target web application logic, not transport encryption. Brute-force attacks target authentication mechanisms and are unrelated to how data is transmitted. Therefore, the most effective exploitation method is intercepting traffic via MitM to capture or manipulate unencrypted communications.

CEH defines ethical hacking as the authorized, structured, and permission-based process of identifying vulnerabilities to strengthen an organization's security posture. Ethical hackers operate under a signed scope- of-work and follow legal boundaries. Malicious hackers, by contrast, exploit systems without permission, often with harmful or criminal intent. CEH emphasizes that both ethical and malicious hackers may use similar tools, techniques, and methodologies; the distinction lies entirely in authorization, intent, and legality.
Ethical hacking is conducted to improve defenses, while malicious hacking targets exploitation, theft, or disruption. Nothing in CEH materials suggests that toolsets or work styles distinguish the two groups; permission and lawful operation remain the central differentiators.

The honey trap is a technique where an attacker targets a person online by pretending to be an attractive person and then begins a fake online relationship to obtain confidential information about the target company.
In this technique, the victim is an insider who possesses critical information about the target organization.
Baiting is a technique in which attackers offer end users something alluring in exchange for important information such as login details and other sensitive data. This technique relies on the curiosity and greed of the end-users. Attackers perform this technique by leaving a physical device such as a USB flash drive containing malicious files in locations where people can easily find them, such as parking lots, elevators, and bathrooms. This physical device is labeled with a legitimate company's logo, thereby tricking end-users into trusting it and opening it on their systems. Once the victim connects and opens the device, a malicious file downloads. It infects the system and allows the attacker to take control.
For example, an attacker leaves some bait in the form of a USB drive in the elevator with the label "Employee Salary Information 2019" and a legitimate company's logo. Out of curiosity and greed, the victim picks up the device and opens it up on their system, which downloads the bait. Once the bait is downloaded, a piece of malicious software installs on the victim's system, giving the attacker access.

ARIN (American Registry for Internet Numbers) is a Regional Internet Registry (RIR) that provides information about IP address allocations and autonomous systems in North America. It's used for WHOIS lookups and footprinting in reconnaissance.

CEH v13 describes Agent Smith-style attacks as malicious Android operations where an app silently replaces legitimate applications by exploiting weaknesses in the Android app update and installation processes. These attacks often begin when users download seemingly innocent apps from untrusted third- party marketplaces. Once installed, the malicious application injects harmful code into other apps, overwriting them while preserving their icons and interface, allowing the attacker to harvest credentials, display ads, or maintain persistence without detection. CEH explains that this technique takes advantage of Android's APK structure, sideloading vulnerabilities, and lack of signature validation in compromised environments.
Simjacker (Option A) targets SIM toolkit vulnerabilities and does not replace apps. Man-in-the-Disk (Option B) abuses external storage operations but does not overwrite applications. Camfecting (Option D) refers to hijacking smartphone cameras. The described malicious replacement of legitimate apps exactly matches the Agent Smith attack pattern.