CEH v13 312-50v13 Exam Dumps

The correct answer is A. Stolen equipment. In CEH ethical hacking methodology, “stolen equipment” is a mode of ethical hacking that simulates theft of a critical information resource, such as a laptop owned by an important organizational user, and then provides that asset to the ethical hacker for assessment. The question specifically mentions targeting the CEO’s laptop or backup tapes to extract critical information, usernames, and passwords. These are classic examples of sensitive assets that may contain cached credentials, confidential documents, password hashes, VPN profiles, email archives, or backup copies of production data. This test evaluates whether protections such as full-disk encryption, strong authentication, secure backup handling, and data-at-rest controls are effective. “Physical entry” focuses on entering and compromising the organization’s facilities or ICT infrastructure, while “insider attack” simulates a trusted internal user abusing access. “Outsider attack” typically represents an external threat. Because the focus is on stolen laptops and backup media, the best CEH answer is stolen equipment.

Security awareness and training is the most effective primary countermeasure against social engineering because these attacks exploit human trust, curiosity, urgency, and lack of familiarity with deception tactics rather than purely technical weaknesses. In CEH guidance, phishing, vishing, and baiting succeed when users fail to recognize red flags such as unexpected requests, pressure to act quickly, suspicious links or attachments, caller spoofing, or offers that seem too good to be true. A structured awareness program directly reduces the chance of disclosure by teaching employees how to identify common pretexts, verify unusual requests, and follow safe reporting procedures.

While identity verification (option B) is an important practice, employees typically perform it correctly only when they have been trained on verification steps, escalation paths, and what “good verification” looks like under pressure. Two-factor authentication (option C) helps protect accounts even if credentials are stolen, but it does not prevent employees from sharing sensitive information such as customer data, internal documents, OTP codes, or approving fraudulent requests—many social engineering campaigns aim beyond passwords. Policies and procedures (option D) are necessary, but policies alone are often ignored or misunderstood without ongoing training, reinforcement, and real-world simulations.

CEH-aligned best practice is a layered approach: start with awareness training, reinforce it with clear handling policies, require verification for sensitive requests, conduct phishing simulations, and ensure employees know how to report suspicious emails/calls immediately. This combination reduces both successful compromise and the impact of attempts, but training is the foundational priority because it directly targets the human element being attacked.

In CEH v13 Reconnaissance and Enumeration, NetBIOS name suffixes are used to identify the role of systems within a Windows network. The < 1B > NetBIOS suffix is particularly significant because it uniquely identifies the Domain Master Browser, which in modern Windows environments corresponds to the Primary Domain Controller (PDC).

When an nbtscan is performed, multiple systems may respond with NetBIOS names, but only one system per domain will register the < 1B > suffix. This is because the PDC is responsible for maintaining the master browse list and coordinating authentication services across the domain.

Option C is correct because the < 1B > entry is explicitly defined in CEH documentation as belonging to the domain controller.

Option A is incorrect because the local system does not advertise < 1B > .

Option B is incorrect because DHCP servers use different identifiers and do not register < 1B > .

Option D is incorrect because NetBIOS must be enabled for < 1B > to appear at all.

CEH v13 highlights identifying < 1B > during enumeration as a high-value discovery, since domain controllers are prime targets during privilege escalation and lateral movement phases.

The correct answer is B. Agent Smith.

Agent Smith is an Android malware family known for abusing infected applications to silently replace legitimate installed apps with malicious versions. After replacement, the compromised apps can display fraudulent advertisements and collect or transmit user-related data.

CEH-aligned mobile security material explains that mobile malware targets mobile devices to steal personal data, and that installing applications from untrusted sources increases the risk of malware intrusion . It also explains that Android applications consist of components such as activities, services, broadcast receivers, content providers, and manifest files, which malware can abuse to run background behavior and interact with other applications .

Option A. GoldPickaxe is incorrect because GoldPickaxe is associated with mobile banking and identity-related theft activity, not the classic app-replacement and ad-fraud behavior described.

Option C. Pegasus is incorrect because Pegasus is advanced spyware focused on surveillance and data extraction, not primarily replacing installed apps to generate advertisements.

Option D. Mamont is incorrect because Mamont is associated with Android banking/social engineering fraud activity, not the described app-replacement adware behavior.

Therefore, the best answer is B. Agent Smith.