CEH v13 Changed 312-50v13 Questions

The correct answer is D because the remaining or residual risk is now 10%, which is below the organization’s defined risk threshold of 20%. In CEH risk-management concepts, risk assessment identifies and evaluates the potential damage or loss to assets, and risk treatment decisions include mitigation, avoidance, transfer, or acceptance. Risk acceptance means making an informed decision to accept the remaining potential for damage or loss. The guide also describes minimum acceptable risk as an organization’s threshold based on confidentiality, integrity, availability, and resource decisions. Since controls have already reduced risk from 50% to 10%, additional controls to reach 0% would likely waste resources and reduce business profit. Avoiding the risk could stop the project unnecessarily. Mitigation has already been performed successfully. Therefore, the best business-aligned decision is to formally accept the residual risk and continue the project.

This scenario describes steganographic sniffing, a highly sophisticated technique covered in CEH v13 Network Sniffing and Steganography. By embedding sensitive data inside legitimate image files—such as CT scans—attackers can intercept or exfiltrate patient information while avoiding detection.

Option D represents a steganography-based covert channel, which is extremely difficult to identify because:

The file appears legitimate

Standard encryption and IDS tools do not flag it

Medical images naturally contain large data volumes

Options A and B involve malware, which is more detectable. Option C involves text-based covert channels, which are easier to analyze than binary image embedding.

CEH v13 identifies steganography as one of the hardest data-hiding techniques to detect, making Option D correct.

IoT devices often suffer from weak or missing encryption protocols, creating opportunities for attackers to intercept sensitive information. CEH courseware highlights that when device-to-app communication occurs in plaintext, a man-in-the-middle attack becomes one of the most effective exploitation methods. By positioning themselves between the device and the mobile application, the attacker can observe all transmitted data, including configuration updates, authentication tokens, and personal information. Tools such as Wireshark, mitmproxy, and specialized IoT interception frameworks allow testers to capture packets, decode protocols, and reconstruct application logic. The CEH curriculum stresses the importance of evaluating IoT device communication channels, because many rely on unsecured HTTP or proprietary plaintext protocols. Brute-force attempts, SQL injection, or dictionary attacks do not directly target the device–app communication pathway and would not exploit the fundamental weakness present here: lack of encryption. A MitM attack directly takes advantage of this flaw and provides comprehensive visibility into all transmitted data, making it the most effective and CEH-aligned method of exploitation.

WPA with TKIP suffers from vulnerabilities inherited from WEP, particularly the use of weak Initialization Vectors (IVs). CEH v13 explains that these weaknesses allow attackers to perform packet injection and partial decryption attacks.

Although WPA improved upon WEP, TKIP was designed as a temporary solution and still relies on predictable IV behavior. This makes Option C correct.

Lack of AES (Option A) explains why WPA is weaker than WPA2 but does not directly describe the exploit mechanism. Weak passwords (Option D) affect authentication, not packet injection. GTK predictability (Option B) is relevant but not the primary cause here.

CEH v13 explicitly states that IV reuse and predictability in TKIP enable practical attacks. Therefore, Option C is correct.