New Release 312-50v13 CEH v13 Questions

The correct answer is A. Footprinting through Social Networking Sites.

The scenario describes the collection of intelligence from platforms where employees publish professional profiles, technical competencies, workplace relationships, project references, and organizational terminology. This is a classic example of footprinting through social networking sites.

CEH reconnaissance material identifies Footprinting through Social Networking Sites as a specific footprinting methodology . It also explains that social networking platforms can provide information such as personal details, work details, technology-related information, employee lists, activities, interests, and the nature of business . This directly matches the scenario’s use of employee profiles, skills, conversations, and terminology to infer internal structure and technologies.

Option B. Footprinting through Internet Research Services is incorrect because that usually refers to using online lookup services, business intelligence sites, public directories, or specialized research platforms rather than employee social networking activity.

Option C. Footprinting through Social Engineering is incorrect because the scenario does not involve manipulating or deceiving people into revealing information. The information is collected passively from publicly available profiles and discussions.

Option D. Footprinting through Search Engines is incorrect because the scenario does not primarily describe Google/Bing search operators or cached search results. It focuses on social networking platforms.

Therefore, the best answer is A. Footprinting through Social Networking Sites.

CEH’s SQL Injection coverage distinguishes between classic (error-based), union-based, boolean-based blind, and time-based blind SQL injection. Time-based blind SQL injection is used when the application does not return database errors or query results to the attacker (no visible output), but the attacker can infer execution behavior by measuring response delays.

A time-based payload intentionally triggers a database delay function (for example, SLEEP(), WAITFOR DELAY, pg_sleep() depending on DBMS). If the injection is successful, the page response time increases predictably, confirming that attacker-controlled SQL is being executed.

Option C is the correct time-based blind probe because it uses conditional logic (IF(1=1, SLEEP(5), 0)) to cause a measurable delay only when the injected condition evaluates true. CEH teaches that this technique is particularly effective against hardened applications that suppress errors and sanitize outputs, because timing becomes the side-channel for confirmation.

Option A and Option D are UNION-based payload patterns intended to extract data via returned result sets, which time-based blind scenarios typically do not provide. Option B is a classic authentication-bypass/boolean test; it can indicate injection but does not specifically validate time-based blind behavior when output is not observable.

CEH mitigation guidance includes parameterized queries, strict input validation, least-privilege DB accounts, WAF tuning, and centralized logging to detect anomalous query timing patterns.

Insecure communication is defined in CEH’s mobile and IoT security modules as the failure to encrypt sensitive data transmitted between a device and a server. When applications use plain HTTP instead of HTTPS, all traffic—including authentication tokens, user identifiers, and session data—can be monitored and altered by an attacker through network sniffing or man-in-the-middle attacks. CEH emphasizes that insecure transport channels represent one of the most common and critical weaknesses in mobile ecosystems, allowing attackers to harvest credentials or inject malicious commands. Security misconfiguration refers to improper server settings, while SSL pinning issues involve certificate validation bypassing. Insufficient input validation pertains to application-side data validation. None of these align as directly as insecure communication, which precisely describes the unencrypted data exposure.

OSINT-based reconnaissance includes using search engines to identify publicly exposed cloud assets. CEH highlights Google dorking as a passive method to reveal S3 buckets indexed in search engines through patterns such as site:s3.amazonaws.com or keyword-based queries.