312-50v13 Exam Dumps - Certified Ethical Hacker Exam (CEHv13)

If a system stores passwords in weak or reversible formats, attackers can perform offline cracking. CEH emphasizes dictionary attacks as the fastest and most efficient method to exploit weak hashing practices. This avoids detection and leverages known password patterns to recover plaintext credentials.

The Certified Ethical Hacker (CEH) Social Engineering module defines tailgating as a physical social engineering attack where an unauthorized person follows an authorized individual into a restricted area.

Option C precisely matches CEH’s definition.

Option A is pretexting.

Option B is baiting.

Option D is phishing.

CEH stresses physical security awareness as critical as cyber defenses.

Spear-phishing is a targeted form of phishing that uses personalized and context-rich information to increase credibility. CEH emphasizes that referencing specific internal projects, financial data, or organizational events significantly raises the success rate when attacking high-value targets such as executives. This tailored approach avoids suspicion and exploits trust more effectively than broad or generic phishing attempts.

Google Hacking, also known as Google Dorking, is a passive reconnaissance technique covered in CEH v13 Reconnaissance Techniques. It involves using advanced search operators to uncover sensitive information that has been inadvertently indexed by search engines.

CEH v13 explains that Google Hacking can reveal exposed files, directories, configuration files, backups, login portals, error messages, and sensitive documents. This information often resides on the Deep Web, meaning it is not easily accessible through normal browsing but is still indexed by search engines.

Option D correctly reflects this capability. Google Hacking does not analyze source code directly (Option A), map internal networks (Option C), or primarily detect phishing sites (Option B), although it may indirectly assist with those tasks.

Because Google Hacking relies solely on publicly available data and does not interact directly with target systems, it fits perfectly within passive footprinting, making it legally and ethically appropriate when authorized.

CEH v13 emphasizes Google Hacking as a powerful method to identify unintended data exposure. Therefore, Option D is the correct justification.

CEH v13 identifies Idle (Zombie) Scanning as one of the most stealthy reconnaissance techniques. In this method, attackers use a third-party system (the zombie) to send probes to the target, obscuring the attacker’s true identity.

Because the attacker never directly interacts with the target, detection and attribution become extremely difficult. FIN and Xmas scans are stealthy but still originate from the attacker’s IP. TCP connect scans are noisy and easily detected.

CEH v13 highlights idle scanning as the gold standard for stealth reconnaissance, making option D correct.