Free Practice Questions for ECCouncil 312-50v13 Exam

A mirror site may be a website or set of files on a computer server that has been copied to a different computer server in order that the location or files are available from quite one place. A mirror site has its own URL, but is otherwise just like the principal site. Load-balancing devices allow high-volume sites to scale easily, dividing the work between multiple mirror sites.

A mirror site is typically updated frequently to make sure it reflects the contents of the first site. In some cases, the first site may arrange for a mirror site at a bigger location with a better speed connection and, perhaps, a better proximity to an outsized audience.

If the first site generates an excessive amount of traffic, a mirror site can ensure better availability of the web site or files. For websites that provide copies or updates of widely used software, a mirror site allows the location to handle larger demands and enables the downloaded files to arrive more quickly. Microsoft, Sun Microsystems and other companies have mirror sites from which their browser software are often downloaded.

Mirror sites are wont to make site access faster when the first site could also be geographically distant from those accessing it. A mirrored web server is usually located on a special continent from the principal site, allowing users on the brink of the mirror site to urge faster and more reliable access.

Mirroring an internet site also can be done to make sure that information are often made available to places where access could also be unreliable or censored. In 2013, when Chinese authorities blocked access to foreign media outlets just like the Wall Street Journal and Reuters, site mirroring was wont to restore access and circumvent government censorship.

Comprehensive and Detailed Explanation:

Nikto is an open-source web server scanner that:

Checks for common vulnerabilities

Detects outdated software versions

Flags insecure configurations and files

It is widely used for quick and comprehensive web vulnerability assessments.

From CEH v13 Courseware:

Module 10: Web Application Hacking → Web Vulnerability Scanning Tools

Command Breakdown:

nc: Netcat utility

-l: Listen mode

-u: Use UDP protocol

-p 55555: Listen on port 55555

< /etc/passwd: Redirects the contents of /etc/passwd into the socket

This means that when a connection is made to UDP port 55555, the contents of /etc/passwd will be sent to the connecting host.

From CEH v13 Courseware:

Module 8: Sniffing & Network Communication Tools

CEH v13 Study Guide states:

“Netcat can be used to serve files, open shells, or transfer data. Using input redirection, it can stream file contents to anyone who connects.”

Incorrect Options:

A: Does not log; it outputs /etc/passwd

C: The opposite; it serves the file, doesn’t grab it

D: Netcat does not delete files with this syntax

Hashing algorithms are specifically designed to ensure data integrity. A hash function takes an input and returns a fixed-length string, called a hash or message digest. Even a small change in the input results in a completely different hash, making it useful for detecting tampering.

Common hashing algorithms include:

MD5 (now obsolete for secure uses)

SHA-1, SHA-2, SHA-3

HMAC (Hashed Message Authentication Code)

From CEH v13 Courseware:

Module 20: Cryptography

Topic: Hash Functions and Data Integrity

CEH v13 Study Guide states:

“Hashing algorithms provide integrity by generating a unique digital fingerprint of data. Any alteration in the message content will result in a different hash value, indicating that the integrity has been compromised.”

Incorrect Options:

A: Symmetric algorithms provide confidentiality.

B: Asymmetric algorithms provide confidentiality and authentication.

D: "Integrity algorithms" is not a formal cryptographic term.

In CEH v13 Module 17: Mobile and IoT Security, Advanced SMS Phishing (also known as SMiShing) is described as a technique where attackers impersonate trusted entities via SMS to:

Trick users into entering authentication codes or PINs.

Deliver malicious payloads or alter device configurations.

Simulate OTA (Over-the-Air) provisioning messages.

In this case:

The attacker sends a fake OTA setup message asking for a PIN.

Once Ben enters the PIN, the device's configuration is hijacked.

Why Others Are Incorrect:

B. Bypass SSL pinning: Relates to mobile app reverse engineering and traffic interception.

C. Phishing: General term; SMS-specific variant is more accurate here.

D. Tap ‘n ghost: A touch screen manipulation attack, unrelated to messaging.

Correct answer is A. Advanced SMS phishing.

The PSH (Push) flag in TCP instructs the sending system to:

Immediately deliver data to the application.

Avoid waiting for additional buffered data to form a full segment.

This is important in interactive communications like Telnet or SSH, where the delay in transmission would degrade the user experience.

From CEH v13 Courseware:

Module 3: Scanning Networks → TCP Flags and Packet Structure

Tess King is attempting to gather all DNS records from a target zone. This process is referred to as a zone transfer (AXFR), which is typically performed by secondary name servers to synchronize DNS data with the primary. If improperly secured, attackers can initiate unauthorized zone transfers to enumerate valuable information such as:

Hostnames

IP addresses

Mail servers

Name servers

CEH v13 defines a zone transfer as a crucial step in DNS enumeration.

From CEH v13 Official Courseware:

Module 3: Scanning Networks

Topic: DNS Enumeration → Zone Transfers

CEH v13 Study Guide states:

“A zone transfer (AXFR) is a DNS transaction used to replicate DNS databases. Attackers can exploit this feature to extract all DNS information from an improperly secured server.”

Incorrect Options:

A. Zone harvesting is not a formal term.

C. Zone update refers to DNS dynamic update operations (e.g., DDNS).

D. Zone estimate is not a DNS-related process.

The description in the scenario clearly points to Docker. Docker is an open-source platform that automates the deployment, scaling, and management of applications inside containers. It allows:

Isolation of applications from the underlying system

Communication through well-defined APIs and networking interfaces

Rapid packaging and shipping of applications in a containerized format

Docker uses OS-level virtualization and is ideal for Platform-as-a-Service (PaaS) environments.

Incorrect Options:

A. Virtual machines virtualize entire operating systems and are heavier in resource use.

B. Serverless computing abstracts the infrastructure entirely but is not about containerization.

D. Zero Trust is a security architecture, not a development or packaging platform.

Reference – CEH v13 Official Courseware:

Module 19: Cloud Computing

Section: “Containerization and Docker”

Subsection: “Security Benefits of Containers”

===========

TCP port 21 is used by the File Transfer Protocol (FTP), which is an unencrypted protocol. To detect if unencrypted file transfers are taking place, you can apply the Wireshark display filter:

tcp.port == 21

This will show all traffic to and from FTP servers. Since FTP transmits usernames, passwords, and data in clear text, its use would violate the company’s policy.

CEH v13 states:

“FTP (Port 21) is a cleartext protocol vulnerable to sniffing. To enforce secure communication, companies often transition to SFTP (over SSH, port 22) or FTPS (FTP over TLS/SSL).”

Incorrect Options:

B. Port 23 is used for Telnet, not FTP.

C. Combining FTP (21) and SSH/SFTP (22) would include encrypted traffic, which is not what you're trying to isolate.

D. tcp.port != 21 filters out FTP traffic, which is the opposite of the intended goal.

Reference – CEH v13 Guide:

Module 01: Introduction to Ethical Hacking

Subsection: Sniffing and Cleartext Protocols

Wireshark iLab: Identifying FTP Traffic

===========

In CEH v13 Module 03: Scanning Networks, service version detection is achieved using the -sV option in Nmap.

-sV: Enables version detection of open ports by sending probes to determine the service name and version (e.g., Apache 2.4.49).

Helps identify potential vulnerabilities in specific software versions.

Option Clarification:

A. -SN: Ping scan (host discovery only).

B. -SX: Invalid/undefined option.

C. -sV: Correct option for service version detection.

D. -SF: Sends FIN packets (used in stealth scans), not for version discovery.

The recommended architecture for secure web application deployment is a multi-tiered setup:

Web server in the DMZ (public-facing)

Application server on the internal network

Database server on the internal network

This design limits the exposure of critical components. Only the web server is exposed to the internet, while application and database servers are shielded by firewalls and only accessible internally.

Reference – CEH v13 Official Study Guide:

Module 10: Hacking Web Servers

Quote:

“Place the web server in the DMZ and keep the application and database servers within the internal network. This reduces the attack surface and provides layered security.”

Incorrect Options Explained:

A. Internal placement makes them inaccessible externally.

C & D. Exposing the database or all servers to the internet introduces significant risk.

===========

Zero Trust Networks The Zero Trust model is a security implementation that by default assumes every user trying to access the network is not a trusted entity and verifies every incoming connection before allowing access to the network.It strictly follows the principle, “Trust no one and validate before providing a cloud service or granting access permission.”It also allows companies to impose conditions, such as allowing employees to only access the appropriate resources required for their work role. (P.2997/2981)

Zero Trust is a strategic initiative that helps prevent successful data breaches by eliminating the concept of trust from an organization’s network architecture. Rooted in the principle of “never trust, always verify,” Zero Trust is designed to protect modern digital environments by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention, and simplifying granular user-access control.

https://en.wikipedia.org/wiki/MAC_filtering

MAC filtering is a security method based on access control. Each address is assigned a 48-bit address, which is used to determine whether we can access a network or not. It helps in listing a set of allowed devices that you need on your Wi-Fi and the list of denied devices that you don’t want on your Wi-Fi. It helps in preventing unwanted access to the network. In a way, we can blacklist or white list certain computers based on their MAC address. We can configure the filter to allow connection only to those devices included in the white list. White lists provide greater security than blacklists because the router grants access only to selected devices.

It is used on enterprise wireless networks having multiple access points to prevent clients from communicating with each other. The access point can be configured only to allow clients to talk to the default gateway, but not other wireless clients. It increases the efficiency of access to a network.

The router allows configuring a list of allowed MAC addresses in its web interface, allowing you to choose which devices can connect to your network. The router has several functions designed to improve the network's security, but not all are useful. Media access control may seem advantageous, but there are certain flaws.

On a wireless network, the device with the proper credentials such as SSID and password can authenticate with the router and join the network, which gets an IP address and access to the internet and any shared resources.

MAC address filtering adds an extra layer of security that checks the device’s MAC address against a list of agreed addresses. If the client’s address matches one on the router’s list, access is granted; otherwise, it doesn’t join the network.

In an inference-based assessment, scanning starts by building an inventory of the protocols found on the machine. After finding a protocol, the scanning process starts to detect which ports are attached to services, such as an email server, web server, or database server. After finding services, it selects vulnerabilities on each machine and starts to execute only those relevant tests.

https://www.offensive-security.com/metasploit-unleashed/msfencode/

One of the best ways to avoid being stopped by antivirus software is to encode our payload with msfencode. Msfencode is a useful tool that alters the code in an executable so that it looks different to antivirus software but will still run the same way. Much as the binary attachment in email is encoded in Base64, msfencode encodes the original executable in a new binary. Then, when the executable is run, msfencode decodes the original code into memory and exe-cutes it.