CEH v13 312-50v13 Reddit Questions

SMS Phishing, commonly called smishing, is the correct answer because the attack method is a deceptive text message sent to mobile devices that lures recipients into clicking a malicious link. In CEH-aligned social engineering coverage, smishing is a direct extension of phishing that uses SMS as the delivery channel. The attacker typically creates urgency or authority, such as “critical account update needed,” to trigger fast compliance. The message then pushes the victim to a malicious URL that can deliver malware, prompt credential entry, or enroll the device into a monitoring or management profile depending on platform and permissions. The key indicators in the question are company phones, a crafted message, and a link that installs monitoring software, which fits smishing exactly.

Bluebugging is a Bluetooth-based attack where the attacker exploits Bluetooth weaknesses to gain unauthorized access to a device, read data, place calls, or send messages, and it does not rely on sending a deceptive SMS link. Call spoofing is manipulating caller ID to impersonate a trusted number during voice calls, not delivering a malicious installation link through text. OTP hijacking focuses on intercepting or tricking users into revealing one-time passwords, often through SIM swapping, malware, or real-time phishing, but the scenario emphasizes installing monitoring software through a link rather than capturing a one-time code.

Defenses highlighted in ethical security training include mobile security awareness, blocking unknown links, using mobile threat defense, restricting app installation from untrusted sources, enforcing MDM controls, and monitoring SMS-based social engineering indicators.

CEH v13 stresses that IoT-to-OT convergence is one of the most dangerous architectures in critical infrastructure environments. IoT devices often lack strong security controls and become ideal entry points for lateral movement into OT systems controlling physical processes.

The immediate priority is to secure the communication boundary between IoT and OT systems. Implementing strong encryption, authentication, and access control ensures that even if an IoT device is compromised, it cannot be used as a pivot point. CEH v13 explicitly recommends network segmentation and secure communication channels as first-response containment measures.

Penetration testing (Option A) is valuable but time-consuming and not an immediate mitigation. ML-based tools (Option C) require training time and are not instant safeguards. IPS deployment (Option D) helps detect attacks but does not prevent credential abuse or trusted-path exploitation between IoT and OT layers.

By enforcing secure protocols, certificates, and authentication mechanisms, the organization reduces attack surface immediately. Thus, Option B is correct.

Virtual Patching is a risk-mitigation technique emphasized in CEH v13 Security Operations. It involves deploying compensating controls—such as WAF rules, IPS signatures, or firewall policies—to block exploitation attempts without modifying the vulnerable system.

CEH v13 highlights virtual patching as especially useful when:

Downtime is unacceptable

Vendor patches are delayed

Legacy systems are in use

Monitoring alone does not prevent exploitation, and shutting down systems is often impractical. Virtual patching provides immediate protection while maintaining availability.

CEH v13 describes relay attacks as credential forwarding techniques where attackers trick systems into authenticating to malicious servers, capturing hashes, and relaying them to privileged services. The described scenario aligns exactly with the PetitPotam attack, a known MS-EFSRPC abuse method that forces Windows domain controllers to perform NTLM authentication to attacker-controlled hosts. CEH discusses how relay attacks combined with Active Directory Certificate Services (AD CS) misconfigurations can allow attackers to request privileged certificates, effectively gaining domain administrator privileges without cracking hashes or accessing LSASS. CRIME (Option B) targets TLS compression and is unrelated. Browser token theft (Option C) applies to web sessions, not domain controllers. Session donation (Option D) is not part of Windows authentication hijacking. Thus, the scenario clearly represents a PetitPotam NTLM relay attack.