A penetration tester performs a vulnerability scan on a company's network and identifies a critical vulnerability related to an outdated version of a database server. What should the tester prioritize as the next step?
Correct Answer: A
CEH v13 details the standard penetration testing workflow, in which confirmed critical vulnerabilities, especially those affecting core systems like database servers, are prioritized for exploitation only after verification and when the rules of engagement explicitly permit it. Verification comes first because a scanner usually reports a banner or version string rather than proven exploitability, so the tester should confirm the finding (for example by comparing the reported version with the vendor's fixed releases) before acting on it. Exploiting a verified vulnerability with vetted tools (e.g., Metasploit or a CVE-specific exploit) provides evidence of real-world risk and validates the severity rating; against a production database server this is normally done with a non-destructive proof of access agreed with the client. Brute-forcing logins (Option B) is inefficient and often outside scope. Ignoring a critical vulnerability (Option C) violates CEH's prioritization guidelines. A DoS attack (Option D) is never appropriate unless the engagement explicitly authorizes destructive testing, which is rare. CEH stresses that high-impact vulnerabilities should be exploited to demonstrate business risk, privilege escalation potential, data exposure, or lateral movement possibilities, making Option A fully aligned with CEH methodology.
312-50v13 Exam Question 202
You are Emma Rodriguez, an ethical hacker at SecurePath Solutions, hired to test the mobile application security of Sterling & Associates, a law firm in New York City. During a covert assessment, your objective is to simulate an attacker attempting to exploit vulnerabilities in the firm's client case management app. You discover that the app stores user credentials in plain text on the device, enabling you to extract sensitive client login information using a rooted device. Based on this finding, which OWASP Top 10 Mobile Risk are you identifying in the app?
Correct Answer: D
The finding described maps directly to Insecure Data Storage. In CEH-aligned mobile security guidance and OWASP Mobile risk discussions, insecure data storage occurs when a mobile application saves sensitive information locally in a way that can be easily recovered by an attacker, especially on a rooted or jailbroken device where sandbox protections can be bypassed. Storing usernames and passwords in plain text is a high-severity example because it allows immediate account takeover and enables access to protected client records, case notes, and other confidential material. Mobile devices routinely store app data in local file systems, shared preferences, databases, logs, or cached content. If sensitive data is stored without proper protections, an attacker with physical access, malware, backup extraction capability, or root access can read it directly. CEH materials emphasize that rooting dramatically increases attacker capability by permitting access to app directories and system areas that would otherwise be restricted. That is exactly what the scenario shows: credentials are recovered from the device once root access is available. The best practice mitigation is to never store credentials in plain text. Use secure, OS-provided storage such as Android Keystore or iOS Keychain, apply strong encryption with keys protected by hardware-backed mechanisms when available, minimize what is stored locally, and ensure secrets are not written to logs or debug artifacts. Insecure Communication would involve weak transport protections, and Improper Credential Usage can include hardcoded credentials or poor authentication handling, but the specific issue here is plainly unsafe local storage of credentials, so Insecure Data Storage is the correct choice.
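The following script is an added example, not part of the exam material or any vendor's code. It shows what the tester in the scenario actually does after pulling the app's private files from a rooted device: parse Android SharedPreferences XML and report entries whose key name suggests a credential and whose value is readable. Both sample files are constructed here (the vulnerable layout, and the same data as Jetpack EncryptedSharedPreferences would write it, where key names and values are ciphertext and the wrapped keysets sit beside them); the token, account and ciphertext strings are made up for the example.

```python
"""Triage SharedPreferences files pulled from a rooted Android device.

Added example, not part of the exam material. On a rooted device the app's
private directory is readable (for instance with
`adb shell su -c 'cat /data/data/<package>/shared_prefs/*.xml'`), so this
script takes the XML contents of such files and reports entries whose key
name suggests a credential and whose value is readable. Both samples below
are constructed for this example.
"""
import base64
import binascii
import json
import re
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

# Constructed sample: the vulnerable app writes the login form straight to
# its default preferences file.
VULNERABLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="username">jdoe@sterling.example</string>
    <string name="password">Summer2024!</string>
    <boolean name="remember_me" value="true" />
    <string name="session_token">eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJqZG9lIn0.c2lnbmF0dXJl</string>
</map>
"""

# Constructed sample of the same data written through Jetpack
# EncryptedSharedPreferences: key names and values are ciphertext (base64),
# and the Tink keysets stored beside them are wrapped by an Android Keystore
# master key, so nothing here is readable off-device. Strings are made up.
HARDENED_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="__androidx_security_crypto_encrypted_prefs_key_keyset__">EpgBCiQAJ3n7wzLhiwUtQk1R8JRrWcYIT9aTwjMPz7AGhwnq</string>
    <string name="__androidx_security_crypto_encrypted_prefs_value_keyset__">EpgBCiQAJ3n7w5Be3RR1n4bm0mg7wFfVDQb9Xo5vSqhMtIGo</string>
    <string name="AT3MrA1ZcSmfb2a7d9Uv5ZLMk6fk">AT3MrA2kpoEYGNl9R3HZyGvbKzoI8ZJfsWTx+4i6Qq2Ngw==</string>
    <string name="AT3MrA3VLcJ2dVVK5t3ubs2UeQ==">AT3MrA0rqgDQ2NQ0VLFhX4l0nbYtrsLiJY7w9AFw</string>
</map>
"""

# Key names that normally hold a secret (matched case-insensitively).
CREDENTIAL_KEY = re.compile(
    r"pass(word|wd|phrase)?|pwd|secret|token|credential|api[_-]?key|auth",
    re.IGNORECASE,
)


def find_plaintext_credentials(prefs_xml: str) -> List[Tuple[str, str]]:
    """Return (key, value) pairs whose key looks credential-related and whose
    value is present. Encrypted prefs never match: their keys are ciphertext."""
    findings = []
    for entry in ET.fromstring(prefs_xml.encode("utf-8")):
        name = entry.get("name", "")
        # <string> keeps its value as element text; other types use value="".
        value = entry.text if entry.tag == "string" else entry.get("value")
        value = (value or "").strip()
        if value and CREDENTIAL_KEY.search(name):
            findings.append((name, value))
    return findings


def jwt_claims(value: str) -> Optional[dict]:
    """If value is a JWT, return its payload claims (unverified) so the report
    can show what a stolen session token exposes; otherwise None."""
    parts = value.split(".")
    if len(parts) != 3:
        return None
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        return json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, binascii.Error):
        return None


def report(label: str, prefs_xml: str) -> None:
    """Print the findings for one preferences file."""
    findings = find_plaintext_credentials(prefs_xml)
    print(f"{label}: {len(findings)} readable credential entries")
    for name, value in findings:
        claims = jwt_claims(value)
        extra = f" (JWT claims: {claims})" if claims else ""
        print(f"  {name} = {value}{extra}")


if __name__ == "__main__":
    report("vulnerable app", VULNERABLE_PREFS)
    report("EncryptedSharedPreferences", HARDENED_PREFS)
```

The key-name heuristic is deliberately simple; in a real assessment it is paired with a look at the app's databases, logs and backup contents, since the same credentials often leak there too. The hardened sample illustrates the mitigation the explanation calls for: once values are encrypted under a Keystore-protected key, root access yields only ciphertext.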
312-50v13 Exam Question 203
A competing technology firm begins releasing products that closely mirror the design, pricing strategy, and feature roadmap of ApexDynamics Inc. An internal review reveals that detailed information about ApexDynamics's upcoming initiatives had been gradually collected through publicly available sources and external disclosures before product launch. Which footprinting-related threat does this scenario best represent?
Correct Answer: A
The best answer is Corporate Espionage. CEH reconnaissance coverage explains that footprinting can be used not only for technical attack preparation but also for competitive intelligence gathering against organizations. In this scenario, a rival company appears to have derived meaningful strategic information about product design, pricing, and roadmap decisions from publicly available data and external disclosures before launch. The resulting harm is not just accidental exposure in the abstract; it is the use of collected intelligence to gain a business advantage over the target organization. That makes corporate espionage the most accurate classification. Information leakage is certainly part of the pathway, because some information had to be exposed or inferable from public sources, but the threat asked for is the footprinting-related consequence represented by the competitor's behavior. Business loss describes an impact, not the threat category itself. Social engineering would require manipulative interaction with people, which is not stated here. CEH materials note that careless public disclosures, metadata, career postings, partner information, and strategic announcements can all support footprinting by competitors or adversaries. When such data is systematically collected to mirror or undermine business strategy, the activity is best described as corporate espionage.
312-50v13 Exam Question 204
Cyber experts conducting covert missions exclusively for national interests are best classified as:
Correct Answer: A
CEH v13 classifies state-sponsored hackers as highly skilled professionals who operate under government direction to conduct espionage, intelligence gathering, sabotage, or cyber warfare. These attackers often target foreign governments, critical infrastructure, and strategic industries. The defining characteristics are government backing, national or geopolitical objectives, and advanced resources sustained over long-term campaigns. Options B, C, and D do not fit. Organized hackers are typically financially motivated cybercriminal groups. Gray hats operate without authorization but not for national interests. Hacktivists pursue ideological or political causes independently. CEH v13 explicitly associates covert intelligence operations with state-sponsored actors, making Option A correct.
312-50v13 Exam Question 205
During a penetration test at a healthcare provider in Phoenix, ethical hacker Sofia crafts a stream of IP packets with manipulated offset fields and overlapping payload offsets so that the records server's protocol stack repeatedly attempts to reconstruct the original datagrams. The repeated reconstruction attempts consume CPU and memory, causing the system to crash intermittently and disrupt patient portal access, even though overall bandwidth remains normal. Packet analysis shows deliberately malformed offsets that trigger processing errors rather than a simple flood of traffic. Which type of attack is Sofia most likely simulating?
Correct Answer: C
This scenario matches a Teardrop attack, which exploits IP fragmentation reassembly weaknesses by sending fragments with overlapping or inconsistent offset fields. In a teardrop attack, the attacker crafts IP fragments so that when the target attempts to reassemble them into the original datagram, the fragment offsets and sizes do not align correctly (often overlapping). Vulnerable systems can experience errors in the reassembly process, leading to CPU/memory exhaustion, crashes, or instability in the network stack. The question highlights "manipulated offset fields and overlapping payload offsets," "repeated attempts to reconstruct," and "deliberately malformed offsets that trigger processing errors rather than a simple flood," which are all core teardrop characteristics. The impact described (system crashes and service disruption without abnormal bandwidth usage) also fits. This is not a volumetric DoS (like ICMP flood); it is a malformed-packet attack that targets protocol stack processing. The key is that the attacker is exploiting how the target handles fragmented packets, causing excessive processing and failure during reassembly. Why the other options are less accurate: Fragmentation attack (A) is a broader category and could include many fragmentation-based manipulations, but "overlapping offsets causing reassembly failure" is the classic teardrop pattern. ICMP flood (B) is bandwidth/packet-rate driven and does not involve IP fragment offset manipulation. Ping of Death (D) involves oversized ICMP packets (often via fragmentation) exceeding the maximum IP datagram size, causing crashes on vulnerable stacks; the scenario instead emphasizes overlapping offsets and reassembly logic errors rather than oversized packet size. Therefore, Sofia is most likely simulating C. Teardrop Attack. One practical caveat: current operating systems discard fragments that overlap data already received, so a teardrop stream against a patched stack is simply dropped, while an unpatched or embedded target may genuinely crash. The test therefore belongs only against in-scope hosts with the client's explicit agreement, as the patient portal outage in the scenario shows.
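The script below is an added example, not taken from the exam material or any published exploit. It builds two IPv4 fragments by hand so the offset and MF fields the explanation talks about are visible, then contrasts a normal fragment pair with a teardrop pair whose second fragment ends inside the first. It shows the trimming arithmetic a naive reassembler applies to an overlap, which goes negative on the teardrop pair (the root of the historical crashes), and a strict reassembler that refuses the overlap instead. Addresses, the identification value and the payload are constructed; nothing is sent on the wire.

```python
"""Teardrop-style overlapping IPv4 fragments and a reassembler that rejects them.

Added example, not from the exam material. Fragments are built by hand so the
offset and MF fields are visible; the script then shows (a) the trimming
arithmetic a naive reassembler applies to an overlap, which goes negative on a
teardrop pair, and (b) a strict reassembler that refuses the overlap. Addresses,
identification value and payload are constructed; nothing touches the wire.
"""
import struct

IP_MF = 0x2000               # "more fragments" bit in the flags/offset field
IDENT = 0xBEEF               # constructed IP identification shared by the fragments
PAYLOAD = bytes(range(64))   # constructed 64-byte datagram body


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over a 20-byte header (0 when it verifies)."""
    total = sum(struct.unpack("!10H", header[:20]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def make_fragment(ident: int, data: bytes, offset: int, more: bool) -> bytes:
    """One IPv4/UDP fragment claiming to carry `data` at byte `offset`."""
    if offset % 8:
        raise ValueError("fragment offsets are in 8-byte units")
    flags_off = (IP_MF if more else 0) | (offset // 8)
    src, dst = bytes([10, 10, 1, 5]), bytes([10, 10, 1, 20])   # constructed hosts
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), ident,
                         flags_off, 64, 17, 0, src, dst)
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:] + data


def parse_fragment(pkt: bytes) -> dict:
    """Decode the fields reassembly depends on from a raw fragment."""
    ver_ihl, _, total_len, ident, flags_off = struct.unpack("!BBHHH", pkt[:8])
    data = pkt[(ver_ihl & 0x0F) * 4:total_len]
    start = (flags_off & 0x1FFF) * 8
    return {"id": ident, "start": start, "end": start + len(data),
            "more": bool(flags_off & IP_MF), "data": data}


def naive_copy_length(prev_end: int, start: int, end: int) -> int:
    """Bytes a naive reassembler copies after sliding `start` past data it has
    already received. Teardrop abuses exactly this: when the new fragment ends
    inside the previous one the result is negative, and a stack that stores it
    in an unsigned length then copies far beyond its buffer."""
    return end - max(start, prev_end)


def reassemble(fragments: list) -> bytes:
    """Strict reassembly: overlaps, gaps and a dangling MF bit are all refused."""
    frags = sorted((parse_fragment(p) for p in fragments), key=lambda f: f["start"])
    if len({f["id"] for f in frags}) != 1:
        raise ValueError("fragments belong to different datagrams")
    buf, expected = bytearray(), 0
    for f in frags:
        if f["start"] < expected:
            raise ValueError(f"overlap: fragment {f['start']}-{f['end']} restarts "
                             f"inside data already received up to byte {expected}")
        if f["start"] > expected:
            raise ValueError(f"gap: nothing covers bytes {expected}-{f['start']}")
        buf += f["data"]
        expected = f["end"]
    if frags[-1]["more"]:
        raise ValueError("last fragment still has MF set; datagram incomplete")
    return bytes(buf)


def strict_verdict(fragments: list) -> str:
    """'' when the fragments reassemble cleanly, otherwise the rejection reason."""
    try:
        reassemble(fragments)
        return ""
    except ValueError as err:
        return str(err)


def normal_fragments() -> list:
    """Well-formed split of PAYLOAD: bytes 0-32 then 32-64."""
    return [make_fragment(IDENT, PAYLOAD[:32], 0, True),
            make_fragment(IDENT, PAYLOAD[32:], 32, False)]


def teardrop_fragments() -> list:
    """First fragment covers bytes 0-32; the second claims offset 24 but is only
    4 bytes, so it ends at 28, wholly inside the first. It adds no data; its job
    is to push the reassembler's overlap handling into a bad state."""
    return [make_fragment(IDENT, PAYLOAD[:32], 0, True),
            make_fragment(IDENT, PAYLOAD[24:28], 24, False)]


if __name__ == "__main__":
    print("normal pair reassembles:", reassemble(normal_fragments()) == PAYLOAD)
    second = parse_fragment(teardrop_fragments()[1])
    print("naive copy length for the teardrop fragment:",
          naive_copy_length(32, second["start"], second["end"]))   # -4
    print("strict reassembler says:", strict_verdict(teardrop_fragments()))
```

The negative value from naive_copy_length is the whole story of the attack: a stack that trusts the offsets computes a copy length of -4, treats it as a large unsigned number, and corrupts memory or spins in reassembly. The strict reassembler models what patched stacks do today, which is also why the question stresses malformed offsets rather than traffic volume: the damage comes from processing logic, not bandwidth.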