Ace Your 312-50v13 CEH v13 Exam

CEH describes SQL injection testing as a core part of web application assessment. One of the first and safest validation techniques is using a tautology-based SQL injection payload, such as ' OR ' 1 ' = ' 1. If the application concatenates user input directly into SQL queries, such an input will cause the query to always evaluate as true, often returning additional records such as multiple user profiles. This confirms the presence of SQL injection without causing destructive effects like dropping tables. Testing XSS does not validate SQL injection, brute-forcing credentials is unrelated, and directory traversal attacks target file path manipulation rather than backend queries. CEH emphasizes avoiding destructive queries and starting with non-intrusive injection payloads that reveal improper input sanitization, making ' OR ' 1 ' = ' 1 the correct technique for confirming SQL injection vulnerabilities in URL parameters.

TCP port 1433 is the well-known default port for Microsoft SQL Server, formally registered as ms-sql-s. In CEH network and perimeter security coverage, identifying services by their default port assignments is a critical reconnaissance and defensive skill. When reviewing firewall rules and exposed services, analysts correlate open ports with their associated protocols to determine risk exposure. Port 1433 is widely recognized as the primary listening port for Microsoft SQL Server instances configured with default settings.

The presence of an undocumented virtual machine actively handling traffic on port 1433 is particularly concerning because database services often store sensitive operational or customer data. If exposed unnecessarily, SQL Server can be targeted for brute-force authentication attacks, SQL injection exploitation, misconfiguration abuse, or exploitation of unpatched vulnerabilities. CEH materials emphasize that database services should not be directly exposed to the internet unless absolutely necessary and must be protected by strict access controls, segmentation, encryption, and monitoring.

Option B, SqlNet, typically refers to Oracle database communication over port 1521. Option D, ms-sql-m, is associated with SQL Server Browser service over UDP 1434, not TCP 1433. Option A, sqlsrv, is not the formal IANA-registered service name for port 1433. Because ms-sql-s is the standard designation for Microsoft SQL Server on TCP port 1433, and given the risk of exposing database services, this finding warrants immediate escalation and review.

The correct answer is RSA. CEH cryptography coverage identifies RSA as a public-key cryptosystem widely used for encryption and digital signatures, and it specifically notes that RSA relies on modular arithmetic and large prime numbers. The scenario states that the sender signs with a private key and the recipient verifies with the corresponding public key, which matches standard digital-signature use in RSA-based public-key infrastructure. CEH materials also describe RSA as the de facto asymmetric standard and emphasize its role in authentication, confidentiality, and nonrepudiation. Diffie-Hellman is mainly a key-exchange algorithm and is not the best fit for the signature workflow described here. DSA is a digital-signature algorithm, but the clue about modular exponentiation together with the broad support for encryption and signatures points more directly to RSA in CEH-style exam framing. ElGamal also supports encryption and signatures, but CEH references consistently present RSA as the standard answer when the question combines public/private key signing, directory-based public-key verification, and mainstream digital-signature deployment. Therefore, from a CEH guide perspective, RSA is the most accurate identification for the payment system’s asymmetric algorithm.

The correct answer is C. Rogue DHCP Server Attack because the observed impact is that client machines on the LAN begin receiving incorrect network configuration parameters—specifically altered default gateways and DNS server addresses—shortly after Priya connects her laptop. In CEH-aligned LAN attack concepts, a rogue DHCP attack occurs when an attacker introduces an unauthorized DHCP service that responds to DHCP discovery requests faster than the legitimate DHCP server. As a result, endpoints accept the attacker-provided lease options, which can redirect traffic through attacker-controlled infrastructure.

The redirection to “fake login portals hosted on Priya’s machine” is consistent with malicious DHCP option abuse. By supplying a rogue DNS server (or altering DNS-related options), the attacker can resolve internal hostnames (like intranet URLs) to the attacker’s IP, enabling credential harvesting via spoofed portals. By supplying a rogue default gateway, the attacker can position themselves as the network path for victim traffic, enabling man-in-the-middle style interception, traffic manipulation, and session hijacking. The mention of “temporary IP conflicts” further supports rogue DHCP behavior, because an attacker DHCP server can hand out addresses that overlap with the legitimate scope or cause duplicate assignments, producing conflicts and instability.

Why the other options are less accurate: DHCP starvation involves exhausting the legitimate DHCP pool by flooding requests with spoofed MAC addresses, often as a precursor to then standing up a rogue DHCP server. The scenario emphasizes that clients are actively receiving malicious settings (gateway/DNS), which is the hallmark of the rogue server stage rather than starvation alone. DNS cache poisoning targets DNS resolvers/caches and does not by itself cause clients to suddenly obtain new gateway/DNS configurations. Packet sniffing is passive and does not explain clients being reconfigured or redirected.

Therefore, Priya most likely performed a rogue DHCP server attack to reconfigure endpoints and redirect users to phishing portals.