312-50v13 Exam Dumps - Certified Ethical Hacker Exam (CEHv13)

Infrastructure as a Service (IaaS) provides virtualized computing infrastructure over the internet. In this model:

The cloud provider supplies the hardware (servers, storage, networking).

The client (your organization) is responsible for installing and managing the OS, applications, and all configurations.

This aligns with the question, where the organization must take full responsibility for maintenance.

Incorrect Options:

A. PaaS offers managed OS, middleware, and runtime, reducing customer responsibilities.

B. SaaS provides fully managed applications—users only access features.

C. Functions as a Service (FaaS) offers event-driven computing without server management, used in serverless environments.

Reference – CEH v13 Official Courseware:

Module 19: Cloud Computing

Section: “Cloud Service Models”

Table: “Responsibilities in IaaS vs PaaS vs SaaS”

===========

Comprehensive and Detailed Explanation:

Tshark is the command-line version of Wireshark. The correct syntax for filtering packets from a subnet:

sudo tshark -f "net 192.168.8.0/24"

This captures only the traffic from that IP range. It’s ideal for cron jobs and automated monitoring.

From CEH v13 Courseware:

Module 8: Sniffing → Tshark and Wireshark Usage

SQL Injection is a type of attack that exploits a vulnerability in a web application that uses a SQL database. The attacker injects malicious SQL code into the user input, such as a login form, that is then executed by the database server. This can allow the attacker to access, modify, or delete data, or execute commands on the database server.

The ‘UNION’ SQL keyword is often used in SQL Injection attacks to combine the results of two or more SELECT statements into a single result set. This can allow the attacker to retrieve additional data from other tables or columns that are not intended to be displayed by the application. For example, if the application uses the following query to check the user credentials:

SELECT * FROM users WHERE username = '$username' AND password = '$password'

The attacker can inject a ‘UNION’ statement to append another query, such as:

' OR 1 = 1 UNION SELECT * FROM credit_cards --

This will result in the following query being executed by the database server:

SELECT * FROM users WHERE username = '' OR 1 = 1 UNION SELECT * FROM credit_cards --' AND password = '$password'

The first part of the query will always return true, and the second part of the query will return the data from the credit_cards table. The ‘–’ symbol is a comment that will ignore the rest of the query. The attacker can then see the credit card information in the application’s response.

However, some web applications implement security measures to prevent SQL Injection attacks, such as filtering special characters in user inputs. Special characters are symbols that have a special meaning in SQL, such as quotes, semicolons, dashes, etc. By filtering or escaping these characters, the application can prevent the attacker from injecting malicious SQL code. For example, if the application replaces single quotes with two single quotes, the previous injection attempt will fail, as the query will become:

SELECT * FROM users WHERE username = '''' OR 1 = 1 UNION SELECT * FROM credit_cards --'' AND password = '$password'

This will result in a syntax error, as the query is not valid SQL.

In this challenging environment, if the hacker still intends to exploit this SQL Injection vulnerability, the strategy that he is most likely to employ is to bypass the special character filter by encoding his malicious input. Encoding is a process of transforming data into a different format, such as hexadecimal, base64, URL, etc. By encoding his input, the hacker can avoid the filter and still inject malicious SQL code. For example, if the hacker encodes his input using URL encoding, the previous injection attempt will become:

%27%20OR%201%20%3D%201%20UNION%20SELECT%20*%20FROM%20credit_cards%20--

This will result in the following query being executed by the database server, after the application decodes the input:

SELECT * FROM users WHERE username = '' OR 1 = 1 UNION SELECT * FROM credit_cards --' AND password = '$password'

This will succeed in returning the credit card information, as the filter will not detect the special characters in the encoded input.

Therefore, the hacker is most likely to employ the strategy of bypassing the special character filter by encoding his malicious input, which could potentially enable him to successfully inject damaging SQL queries.

Padding oracle attacks exploit systems that reveal differences in error responses when incorrectly padded ciphertext is submitted. CEH explains that these variations allow attackers to iteratively determine valid padding bytes and ultimately decrypt or modify encrypted data without knowledge of the key.

The described attack is a Downgrade Security Attack. In this scenario:

The legitimate client and access point support both WPA2 and WPA3.

The attacker introduces a rogue AP that only supports WPA2.

The victim connects to this rogue AP using WPA2 (less secure) instead of WPA3.

Once downgraded, the attacker captures the handshake and attempts to crack the WPA2 encryption.

This is known as a “Downgrade Attack” or “Downgrade Negotiation Attack,” which exploits backward compatibility in security protocols.

Incorrect Options:

A. Timing-based attacks usually refer to side-channel analysis, not protocol downgrading.

B. Side-channel attacks extract info via timing, power usage, etc., not protocol negotiation.

D. Cache-based attacks exploit memory caching behavior.

Reference – CEH v13 Official Courseware:

Module 16: Hacking Wireless Networks

Section: “Wireless Encryption Attacks”

Subsection: “Downgrade Attacks (WPA3 to WPA2) and Rogue Access Points”

Comprehensive and Detailed Explanation:

Cryptographic hash functions provide:

Integrity: Any change in the input changes the output hash.

Collision Resistance: It is computationally infeasible to find two inputs that produce the same hash.

This ensures data is not altered during transmission.

From CEH v13 Courseware:

Module 10: Cryptography → Hashing Functions (e.g., SHA-256, MD5)

While perimeter defenses like firewalls and IPS provide a layer of protection, internal systems (such as network elements) must also be hardened. This includes:

Enforcing strong authentication

Applying regular patches and updates

Conducting vulnerability assessments and security audits

Security should be layered (defense in depth), and reliance on perimeter defense alone is insufficient.

Reference – CEH v13 Official Study Guide:

Module 3: Scanning Networks / Module 18: Incident Response

Quote:

“Internal systems must be hardened with secure configurations and tested regularly. A layered security approach is required even in protected environments.”

Incorrect Options:

B & C. Relying only on perimeter or physical security is not sufficient

D. While backup sites are part of DR, they don’t replace proactive protection

===========