Q1

A penetration tester is evaluating a financial institution's internal network. They discover a legacy system running a custom application that is critical for back-office operations. The tester suspects the application is vulnerable to a buffer overflow but finds that Data Execution Prevention (DEP) is enabled on the host operating system. To bypass DEP, the tester plans to use a Return-Oriented Programming (ROP) attack. Which of the following is the primary goal of creating a ROP chain in this scenario?

Q2

During a web application assessment, a security analyst is using Burp Suite to test for vulnerabilities. They identify a feature where user-submitted data is serialized and stored in a cookie. The application is built using Java. The analyst wants to test for insecure deserialization vulnerabilities. Which of the following tools would be most effective for creating a malicious serialized Java object to exploit this vulnerability?

Q3 (Multiple answers)

A red team is targeting a corporation that uses a WPA3-Enterprise protected wireless network for its employees. The team wants to gain access to the internal network by exploiting the wireless infrastructure. Which of the following attack techniques would be most relevant for targeting a WPA3-Enterprise network? (Select TWO)

Q4

An ethical hacker is testing a smart thermostat device that communicates with a cloud-based management platform via the MQTT protocol. The hacker captures the network traffic and observes unencrypted MQTT packets containing sensitive information. To further exploit this, the hacker wants to connect their own client to the MQTT broker and subscribe to all topics to eavesdrop on all communications. Which MQTT topic subscription wildcard should be used to achieve this?

Q5

True or False: In a Kubernetes environment, if an attacker compromises a pod and finds a service account token mounted, they can only use this token to access the Kubernetes API server from within that same pod.

Q6

An ethical hacker is tasked with performing reconnaissance on a target company, `acmecorp.com`. The hacker wants to use the new AI-powered ShellGPT tool, as covered in CEH v13, to automate the generation of a complex `nmap` command. The goal is to perform an aggressive scan (`-A`), on the most common 1000 ports, against all hosts discovered in the `acmecorp.com` domain, while saving the output in all available formats (`-oA`). Which natural language query would be most effective to provide to ShellGPT to generate the desired command?

Q7

A security analyst is investigating a data exfiltration incident. The attacker used a DNS tunneling technique to bypass the corporate firewall. The analyst is reviewing packet captures and notices an unusually high volume of TXT record queries to a suspicious domain. The data appears to be encoded. Which of the following tools is specifically designed to create and manage DNS tunnels for data exfiltration or C2 communications?

Q8

A penetration tester is evaluating the security of an API endpoint that uses GraphQL. Unlike traditional REST APIs, GraphQL allows clients to request exactly the data they need. The tester wants to check for excessive data exposure vulnerabilities. Which type of GraphQL query would be most useful for discovering all possible data types and fields the API can return, potentially revealing sensitive information not intended for the public?

Q9

An incident response team is analyzing an attack on their organization. The attacker gained initial access, established persistence, and then used a 'living off the land' technique by abusing PowerShell to perform lateral movement and exfiltrate data. The activity was difficult to detect because it did not involve dropping any malicious executables onto the disk. Which of the following malware categories best describes this attack?

Q10

A security auditor is reviewing the cryptographic standards for a new application. The application needs to ensure the confidentiality of data in transit. The developers have proposed a plan that involves using a symmetric cipher for bulk data encryption and an asymmetric cipher for key exchange. A primary requirement is that if the server's long-term private key is compromised, past encrypted sessions should not be decipherable. Which cryptographic property must the key exchange mechanism implement to meet this requirement?