CEH v13 312-50v13 Exam Questions and Answers PDF

Example Usage enip-info:

- nmap --script enip-info -sU -p 44818

This NSE script is used to send a EtherNet/IP packet to a remote device that has TCP 44818 open. The script will send a Request Identity Packet and once a response is received, it validates that it was a proper response to the command that was sent, and then will parse out the data. Information that is parsed includes Device Type, Vendor ID, Product name, Serial Number, Product code, Revision Number, status, state, as well as the Device IP.

This script was written based of information collected by using the the Wireshark dissector for CIP, and EtherNet/IP, The original information was collected by running a modified version of the ethernetip.py script

Btlejack is a tool used for attacking Bluetooth Low Energy (BLE) connections, including sniffing, jamming, and hijacking.

The -f option specifies the access address of the BLE connection.

The -j option is used to hijack an active BLE connection.

Therefore, the correct syntax to hijack a BLE connection is:

btlejack -f [access_address] -j

This matches Option A: btlejack -f 0x129f3244 -j

Incorrect Options:

B. -c any is used for sniffing any advertising packet but not for hijacking.

C. -d specifies device paths; -s starts a scan but does not hijack.

D. This is likely a malformed or unrelated command in the context of hijacking.

Reference – CEH v13 Official Courseware:

Module 18: IoT and OT Hacking

Section: “Bluetooth Low Energy (BLE) Attacks”

Tool Focus: “Btlejack Command Usage”

CEH iLab: Btlejacking with micro:bit

CEH explains that hash functions alone, such as SHA-256, only provide integrity checks and do not verify authenticity or non-repudiation. Attackers can modify data and recompute the hash.

Digital signatures combine hashing with asymmetric cryptography, ensuring:

Integrity

Authentication

Non-repudiation

Option D is correct.

Options A and B provide confidentiality, not integrity assurance.

Option C secures communication channels, not standalone data integrity.

CEH explicitly recommends digital signatures for protecting data integrity against tampering.

The host command in Linux is used for DNS lookup operations. The switch -t specifies the type of DNS record you are querying.

host -t a domain.com queries for A (Address) records, which return the IP address associated with a domain.

host -t ns queries for name servers (NS records).

host -t soa queries for the Start of Authority (SOA) record.

host -t AXFR attempts a zone transfer (not a standard resolution method and typically blocked).

Hence, option A correctly resolves a domain name to its IP address.