Which encryption method supports secure key distribution?
Correct Answer: D
Asymmetric encryption, as defined in CEH v13 Cryptography, uses a public-private key pair, solving the key distribution problem inherent in symmetric encryption. Public keys can be freely shared, enabling secure communication initiation without prior shared secrets. Disk encryption and hashes do not address key exchange. Therefore, Option D is correct.
312-50v13 Exam Question 77
While auditing legacy network devices at a public hospital in Miami, Jason, a penetration tester, needs to verify what SNMP traffic is leaking across the internal segment. Instead of running structured queries, he decides to capture live network traffic and manually review the protocol fields. This method allows him to see SNMP requests and responses in transit but requires manual parsing of OIDs, community strings, and variable bindings. Which method should Jason use in this situation?
Correct Answer: B
Jason's goal is to capture live SNMP traffic on the wire and manually inspect protocol fields such as community strings, OIDs, and variable bindings within requests and responses. The method described is packet capture and protocol dissection, which is exactly what Wireshark is designed for. Wireshark can capture traffic from an interface (or from a mirrored/SPAN port) and decode SNMP at the protocol level, presenting SNMP PDUs in a human-readable structure. This enables an assessor to view SNMP GET/GETNEXT/GETBULK requests, SET operations (if present), and responses, including the transmitted identifiers and values, which is useful for verifying whether sensitive SNMP data is exposed in transit.

The scenario explicitly states Jason is not running structured queries and instead wants to observe "SNMP requests and responses in transit," which rules out tools that actively query devices. SnmpWalk (C) is an active enumeration tool that queries SNMP agents using a community string and walks a subtree of the MIB; that is the opposite of passive traffic inspection. Nmap (A) can scan ports and perform some SNMP-related scripts, but it still operates as an active probing tool rather than a live traffic capture and manual field review platform. SoftPerfect Network Scanner (D) is a network discovery tool for identifying hosts and services; it is not a packet-level sniffer intended for dissecting SNMP messages on the wire.

Additionally, the mention of "manual parsing" is consistent with packet analysis workflows: even though Wireshark decodes SNMP, the analyst still needs to interpret what OIDs and values mean, correlate requests to responses, and assess sensitivity (e.g., community strings in SNMPv1/v2c are not encrypted, and captured traffic may reveal them). Therefore, the correct method is B. Wireshark.
312-50v13 Exam Question 78
In the crisp mountain air of Denver, Colorado, ethical hacker Lila Chen investigates the security framework of MedVault, a US-based healthcare platform used by regional clinics to manage patient data. During her assessment, Lila manipulates session parameters while navigating the patient portal's dashboard. Her tests reveal a critical flaw: the system allows users to access sensitive medical records not associated with their own account, enabling unauthorized changes to private health data. Upon deeper inspection, Lila determines that the issue stems from the application allowing users to perform actions beyond their assigned roles rather than failures in encryption, unsafe object handling, or server configuration. Which OWASP Top 10 2021 vulnerability is Lila most likely exploiting in MedVault's web application?
Correct Answer: D
Broken Access Control is the correct choice because the scenario describes a user being able to access and modify resources that should be restricted to other users or roles. In CEH-aligned web testing, access control flaws occur when an application fails to enforce authorization checks consistently on the server side. Manipulating session parameters and then retrieving "sensitive medical records not associated with their own account" is a classic indicator of an authorization bypass, often seen as insecure direct object references, parameter tampering, or horizontal and vertical privilege escalation. Horizontal escalation is when one user accesses another user's data at the same privilege level, while vertical escalation is when a user performs actions reserved for higher-privileged roles. The prompt explicitly states users can perform actions beyond assigned roles, which is the definition of broken authorization enforcement.

The other options do not align with the described root cause. Cryptographic Failures focuses on weak or missing encryption and does not explain why authenticated users can reach unauthorized records. Insecure Deserialization involves unsafe deserialization leading to remote code execution or data tampering via serialized objects, which is not indicated here. Security Misconfiguration is broader and can contribute to exposure, but the scenario emphasizes role and resource permission bypass rather than mis-set server headers, default accounts, or exposed admin interfaces.

Mitigation in CEH best practices includes enforcing server-side authorization on every request, using deny-by-default policies, validating that the authenticated user is allowed to access the specific record identifier, implementing robust role-based access control, logging access denials, and adding automated tests to prevent IDOR and privilege escalation regressions.
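The mitigations listed above can be combined in one server-side check. The following is an added example, not code from the original page or from any real MedVault system: the role map, record store, user names, and function names are all hypothetical and constructed for illustration.

```python
import logging

log = logging.getLogger("authz")

# Hypothetical role-to-action map: anything not listed is denied.
ROLE_ACTIONS = {"patient": {"record:read"},
                "clinician": {"record:read", "record:update"}}

# Constructed sample data: record id -> owning patient and assigned clinicians.
RECORDS = {101: {"patient": "alice", "clinicians": {"dr_kim"}},
           102: {"patient": "bob", "clinicians": {"dr_kim"}}}

def authorize(user, role, action, record_id):
    """Run on every request; user and role come from the server-side session."""
    record = RECORDS.get(record_id)
    allowed = False  # deny by default: only an explicit match below flips this
    if record is not None and action in ROLE_ACTIONS.get(role, set()):
        if role == "patient":        # blocks horizontal access to other patients
            allowed = record["patient"] == user
        elif role == "clinician":    # only clinicians assigned to this record
            allowed = user in record["clinicians"]
    if not allowed:
        log.warning("access denied user=%s role=%s action=%s record=%s",
                    user, role, action, record_id)
    return allowed

# Regression cases: (user, role, action, record id, expected decision).
CASES = [
    ("alice", "patient", "record:read", 101, True),      # own record
    ("alice", "patient", "record:read", 102, False),     # horizontal escalation
    ("alice", "patient", "record:update", 101, False),   # vertical escalation
    ("dr_kim", "clinician", "record:update", 102, True),
    ("dr_lee", "clinician", "record:read", 101, False),  # not assigned
    ("mallory", "admin", "record:read", 101, False),     # unknown role
    ("alice", "patient", "record:read", 999, False),     # unknown record
]

def failed_cases():
    """Return the cases whose decision differs from the expected one."""
    return [c for c in CASES if authorize(*c[:4]) != c[4]]
```

Running `failed_cases()` in CI turns the IDOR and privilege escalation cases into regression tests: any non-empty result means an authorization rule has changed.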
312-50v13 Exam Question 79
A Nessus scan reveals a critical SSH vulnerability (CVSS 9.0) allowing potential remote code execution on a Linux server. What action should be immediately prioritized?
Correct Answer: D
According to the CEH Vulnerability Assessment and Incident Response modules, vulnerabilities with high CVSS scores and potential RCE must be treated as active threats. CEH best practices recommend:
* Immediate containment (network isolation)
* Investigation and impact analysis
* Patch application
* Recovery

Option D follows the CEH incident response lifecycle precisely. Option C is incomplete without containment. Options A and B are unsafe. CEH emphasizes containment before remediation.
312-50v13 Exam Question 80
At Apex Financial Services in Houston, Texas, ethical hacker Javier Ruiz evaluates mobile security practices under the company's BYOD policy. He demonstrates that employees often install applications that request access to contact lists, cameras, and messaging services, even though these functions are unrelated to the apps' intended purpose. This behavior allows a malicious program to harvest sensitive corporate information. Which security guideline would most directly prevent this issue?
Correct Answer: C
The issue described is excessive or inappropriate application permission granting in a BYOD environment. Employees install apps that request access to sensitive device resources (contacts, camera, messaging) despite those permissions not being necessary for the app's stated purpose. This creates a risk of data harvesting and corporate information leakage if a malicious or overly intrusive app is installed. The most direct guideline to prevent this behavior is to review the permissions requested by apps before installing them.

Mobile operating systems rely heavily on permission models to control access to sensitive data and device capabilities. When users approve broad permissions without scrutiny, they effectively authorize the app to collect and transmit sensitive information. Enforcing a culture and policy of checking permissions (and denying or uninstalling apps that request unnecessary access) directly addresses the root cause in the scenario: user consent enabling excessive privilege at the app level. In a corporate BYOD program, this guideline is often paired with mobile security controls such as enterprise app stores, allowlists/denylists, MDM/MAM policies, and user awareness training, but the question asks for the most direct preventive guideline.

Why the other options are less direct: Encryption at rest (A) helps protect stored data if the device is lost or compromised, but it does not stop an authorized app from accessing data via granted permissions. Automatic locking/biometrics (B) reduces unauthorized physical access, but it does not constrain what a permitted app can access while the device is in use. App passwords (D) can help restrict casual access to an app, but they do not solve the problem of an app legitimately being granted invasive permissions. Therefore, the best answer is C. Review permissions requested by apps before installing them.