312-50v13 Leak Questions

Google Hacking, also known as Google Dorking, is a passive reconnaissance technique covered in CEH v13 Reconnaissance Techniques. It involves using advanced search operators to uncover sensitive information that has been inadvertently indexed by search engines.

CEH v13 explains that Google Hacking can reveal exposed files, directories, configuration files, backups, login portals, error messages, and sensitive documents. This information often resides on the Deep Web, meaning it is not easily accessible through normal browsing but is still indexed by search engines.

Option D correctly reflects this capability. Google Hacking does not analyze source code directly (Option A), map internal networks (Option C), or primarily detect phishing sites (Option B), although it may indirectly assist with those tasks.

Because Google Hacking relies solely on publicly available data and does not interact directly with target systems, it fits perfectly within passive footprinting, making it legally and ethically appropriate when authorized.

CEH v13 emphasizes Google Hacking as a powerful method to identify unintended data exposure. Therefore, Option D is the correct justification.

The KRACK (Key Reinstallation Attack) vulnerability is a critical WPA2 flaw covered extensively in CEH v13 Wireless Network Hacking. KRACK exploits weaknesses in the four-way handshake process, allowing attackers to force reinstallation of encryption keys.

This key reinstallation resets nonces and counters, enabling attackers to decrypt, replay, and forge packets, even on encrypted WPA2 networks. CEH v13 highlights that KRACK does not break encryption mathematically but exploits protocol logic flaws.

Hole196 affects GTK misuse, and WPS PIN attacks target authentication, not replay of encrypted traffic. Weak RNG issues are unrelated to WPA2 replay.

Thus, Option B is correct.

Asymmetric encryption, as defined in CEH v13 Cryptography, uses a public-private key pair, solving the key distribution problem inherent in symmetric encryption.

Public keys can be freely shared, enabling secure communication initiation without prior shared secrets. Disk encryption and hashes do not address key exchange.

Therefore, Option D is correct.

Ethical hacking, as defined throughout CEH courseware, is the authorized and legitimate process of identifying vulnerabilities, weaknesses, and misconfigurations in information systems. The primary objective is to strengthen security by discovering issues before malicious actors can exploit them. Ethical hackers follow strict legal guidelines, obtain written permission, and operate within a defined scope to ensure their activities contribute positively to the organization’s security posture. Unlike malicious hacking, the intent is not to steal data, cause harm, or disrupt operations. Ethical hackers use the same tools, techniques, and methodologies that attackers use, but with the purpose of remediation and risk reduction. CEH emphasizes that ethical hacking supports defense-in-depth strategies by enabling organizations to harden their environments and proactively mitigate threats. Therefore, identifying and fixing vulnerabilities is the central mission of ethical hacking.