A penetration tester evaluates the security of an iOS mobile application that handles sensitive user information. The tester discovers that the application is vulnerable to insecure data transmission. What is the most effective method to exploit this vulnerability?
Correct Answer: B
The CEH v13 courseware states that insecure communication occurs when mobile applications transmit sensitive data over unencrypted or weakly encrypted channels, exposing information to interception. When an application uses plain HTTP or does not properly validate certificates, attackers can place themselves between the client and server using a man-in-the-middle (MitM) attack. This allows them to read session tokens, credentials, API keys, or personal user data as it travels across the network. CEH materials emphasize that MitM attacks are the primary exploitation technique for insecure data transmission because they exploit weaknesses in transport-layer security rather than weaknesses in backend code or authentication mechanisms. SQL injection and CSRF attacks target web application logic, not transport encryption. Brute-force attacks target authentication mechanisms and are unrelated to how data is transmitted. Therefore, the most effective exploitation method is intercepting traffic via MitM to capture or manipulate unencrypted communications.
312-50v13 Exam Question 197
A penetration tester is investigating a web server that allows unrestricted file uploads without validating file types. Which technique should be used to exploit this vulnerability and potentially gain control of the server?
Correct Answer: B
CEH teaches that unrestricted file upload vulnerabilities are among the most dangerous in web applications because they allow attackers to bypass extension checks and upload malicious executable files. When the server fails to validate MIME types, file extensions, or execution permissions, an attacker can upload a web shell disguised as a harmless file, such as "image.php.jpg," which may pass superficial validation and still be executed by the server's interpreter. Once executed, the shell provides the attacker with command execution capabilities, allowing full control over the system. CEH emphasizes that web shells can enable privilege escalation, database compromise, lateral movement, or full server takeover. Unlike SQL injection or XSS, file upload exploitation directly affects server-side execution, making it significantly more severe. Unrestricted upload flaws are commonly tested in CEH labs with tools like Burp Suite to alter content-type headers or bypass client-side filters. This is a high-impact vulnerability requiring strict validation and sandboxing controls.
312-50v13 Exam Question 198
A cybersecurity team at a cloud infrastructure provider in San Jose, California, initiated a structured vulnerability evaluation across its production environment. The scanning process began by identifying communication protocols active on each host. Once the protocols were cataloged, the platform analyzed which services were associated with those ports and dynamically selected only the vulnerability tests relevant to those detected services. The scanning logic adjusted automatically based on discoveries made during execution. Which vulnerability assessment approach is illustrated in this scenario?
Correct Answer: A
The correct answer is Inference-Based Assessment. CEH vulnerability assessment material explains that some scanning approaches do not blindly run every possible test against a host. Instead, they infer what checks are appropriate by first identifying protocols, ports, and services, then dynamically selecting tests that are relevant to those discoveries. The scenario describes exactly that behavior: the platform catalogs communication protocols, determines which services are associated with the observed ports, and automatically adjusts the vulnerability tests during execution. This inference-driven logic improves efficiency and reduces unnecessary probing because the scanner tailors its checks to the environment it discovers. Service-based and product-based phrasing may sound plausible, but the question is specifically about the scanning logic and decision model rather than the type of vendor offering. Tree-based assessment does not best describe the sequence presented. CEH guidance uses inference-based assessment to describe scanners that progressively refine their actions using information learned during earlier scanning stages. Because the selection of tests depends on discovered service characteristics and adapts as the scan proceeds, Inference-Based Assessment is the most accurate answer.
312-50v13 Exam Question 199
One customer's malicious activity impacts other tenants. Which control would best prevent this?
Correct Answer: C
In CEH v13 Cloud Computing, multi-tenancy is a core cloud characteristic, but also a major risk if isolation controls are weak. When one tenant's actions affect others, the issue is almost always insufficient isolation between tenants. Multi-tenant isolation ensures that compute, storage, memory, and network resources are strictly separated. Without proper isolation, a malicious tenant can exhaust shared resources, access neighboring virtual machines, and damage the provider's reputation. Encryption and authentication protect data access but do not stop cross-tenant impact. Logging helps detect incidents but does not prevent them. CEH v13 emphasizes strong logical isolation mechanisms, such as hypervisor hardening and tenant segmentation, as essential cloud security controls. Therefore, Option C is the correct answer.
312-50v13 Exam Question 200
Which technique best exploits session management despite MFA, encrypted cookies, and WAFs?
Correct Answer: D
CEH v13 emphasizes that insecure deserialization is one of the most dangerous application vulnerabilities because it can lead to arbitrary code execution, bypassing authentication, authorization, and session protections entirely. Even with MFA, encrypted cookies, and WAFs, deserialization flaws allow attackers to manipulate serialized objects used in session handling. When deserialized without validation, these objects may execute attacker-controlled code. CSRF relies on authenticated users. Side jacking is mitigated by encryption. Session fixation is ineffective if session regeneration and MFA are implemented. Insecure deserialization, however, attacks the application logic itself, making it the most effective option. Thus, Option D is correct.