Changed 312-50v13 Exam Questions

In CEH v13 DNS Enumeration, DNS cache snooping determines whether a DNS resolver has a record cached. When +norecurse is used and the response is NOERROR with no answer, it means the server is authoritative but does not have the record cached.

CEH v13 explains that this suggests no internal client has recently queried the domain, making option D correct.

The correct answer is C. Insecure Data Storage because the vulnerability described is the storage of sensitive information locally on the mobile device in a manner that is not encrypted and is accessible by simply browsing the file system. In mobile application security, this is a classic risk category: when an app stores confidential data (case notes, client records, tokens, documents, cached responses, databases, logs, or exported files) in clear text or in insecure locations, an attacker who gains device access—or uses backup extraction, file explorers, rooted/jailbroken access, or malware with storage permissions—may retrieve that data without needing to authenticate to the application.

The scenario makes the weakness unmistakable: Daniel can use a “standard explorer tool” to open sensitive records “without any authentication.” This indicates the app is failing to apply appropriate protections such as encryption at rest, secure key handling, proper file permissions, and secure storage mechanisms. In secure mobile design, sensitive records should be encrypted using platform-supported protections (e.g., using OS keystores/keychains for keys, encrypting databases/files, and minimizing local retention). Additionally, apps should avoid storing highly sensitive regulated data unless essential, and should implement secure session controls and data lifecycle management (cache control, expiration, remote wipe support in enterprise settings).

Why the other options are not the best fit: Insecure communication concerns data exposure while transmitted over networks (e.g., lack of TLS, weak TLS, MITM susceptibility), whereas the issue here is purely local storage. Improper credential usage relates to mishandling passwords, tokens, or authentication secrets (hard-coded credentials, weak storage of credentials), but the prompt focuses on stored records themselves. Inadequate privacy controls is broader and typically involves over-collection, improper disclosure, or weak user privacy settings, not direct clear-text storage exposure.

Therefore, the most clearly present OWASP Top 10 Mobile Risk is Insecure Data Storage.

The correct answer is C. Confidentiality. In information security, the CIA triad consists of Confidentiality, Integrity, and Availability. Confidentiality specifically addresses the secrecy and privacy of information by ensuring that sensitive data is accessed, viewed, or disclosed only by authorized individuals, systems, or processes. CEH-aligned material explains that confidentiality means information is secret and should not be disclosed to unintended people or entities; if confidentiality is compromised, it can cause unauthorized access and privacy loss. Another CEH exam guide source states that confidentiality addresses the secrecy and privacy of information and prevents disclosure to unauthorized individuals or systems. Availability is incorrect because it ensures systems and data are accessible when needed. Integrity is incorrect because it protects data from unauthorized modification. Authentication is also incorrect because it verifies identity, but it does not itself define secrecy or privacy. Therefore, the best CEH answer is Confidentiality.

CEH explains that SQL injection testing should begin with controlled, intentional manipulation of SQL syntax to determine whether user input is improperly concatenated into backend queries. While destructive queries like DROP TABLE are not recommended in real-world ethical hacking engagements, CEH uses this example as a conceptual demonstration of how SQLi can influence database commands. In practice, a penetration tester would more safely use benign tautologies such as ' OR ' 1 ' = ' 1 to test whether unauthorized data is returned. However, within CEH’s theoretical framing, injecting a clearly malicious SQL command demonstrates whether the input is executed at the database level. This validates improper sanitization, the use of dynamic SQL queries, and missing parameterized input handling. CEH stresses that SQLi is among the most critical vulnerabilities because it allows attackers to bypass authentication, exfiltrate data, or manipulate the database structure. XSS, brute-forcing, and directory traversal do not test SQL query manipulation and therefore do not confirm SQL injection.