Exactprep 312-50v13 Questions

CEH v13 defines passive reconnaissance as information gathering without interacting directly with the target or alerting them. The goal is to remain undetected while collecting intelligence from publicly available sources.

Directly interacting with a threat actor on forums—even under a pseudonym—constitutes active engagement. CEH v13 warns that such interaction risks exposure, attribution, and legal complications. It can alert the adversary, cause them to alter behavior, or even retaliate.

WHOIS lookups, DNS queries, archived web content, and anonymous browsing are all passive techniques endorsed in CEH v13. These methods do not notify the target and leave minimal trace.

Thus, Option A should be avoided to maintain a low profile.

The Certified Ethical Hacker (CEH) Web Application Security module emphasizes that client-side controls cannot be trusted.

Disabling JavaScript allows attackers to bypass:

Password complexity enforcement

CAPTCHA validation

Input validation logic

Option B is the simplest and most effective CEH-approved method.

Option A is unnecessary and noisy.

Option C risks detection.

Option D is effective but more complex and detectable.

CEH explicitly teaches testers to disable JavaScript to evaluate server-side enforcement.

The correct answer is D. Expansion because the scenario emphasizes that, after the initial foothold, the attacker harvests credentials and moves laterally to compromise additional systems—routers, printers, and file servers—thereby broadening control across the internal environment. In CEH-aligned APT lifecycle descriptions, this stage is commonly associated with internal reconnaissance, privilege/credential access, lateral movement, and widening the foothold to increase resilience and reach. The attacker is no longer limited to the original compromised endpoint; instead, they are deliberately spreading to other networked assets to build operational advantage.

The sequence in the prompt is important. Initial Intrusion (A) already occurred via spear-phishing delivering the first payload to the manager’s laptop. The question asks what phase is being simulated at this point, after access is gained and the attacker is actively moving through the network. Persistence (B) refers to establishing mechanisms to maintain access (e.g., backdoors, scheduled tasks, services, persistence in credentials/accounts) so the attacker can survive reboots, password changes, or cleanup attempts. While an attacker might establish persistence during expansion, the defining action here is lateral movement and compromise of multiple internal systems, which is more directly expansion than persistence.

Search & Exfiltration (C) would involve identifying and collecting target data (in this case, sensitive research data) and transferring it out of the environment. The prompt explicitly states Alex has not yet targeted sensitive research data, which rules out the search/exfiltration phase as the primary activity being simulated right now.

Therefore, the phase of the APT lifecycle best matching credential harvesting followed by lateral movement and compromise of multiple internal devices/servers to build a broader foothold is Expansion.

The Certified Ethical Hacker (CEH) Cryptography module explains that one of the primary challenges in encryption is secure key distribution. Asymmetric encryption, also known as public-key cryptography, was specifically designed to address this issue.

In asymmetric encryption, each entity possesses a public key and a private key. The public key can be shared openly, allowing anyone to encrypt data securely, while only the corresponding private key can decrypt it. CEH documentation highlights that this model eliminates the need to transmit secret keys over insecure channels.

Option D is correct because asymmetric encryption enables secure key exchange without prior trust.

Option B (symmetric encryption) requires a shared secret key and suffers from key distribution challenges.

Option A refers to data-at-rest protection, not key exchange.

Option C provides integrity verification, not encryption.

CEH emphasizes that asymmetric encryption underpins secure protocols such as TLS and digital certificates.