Selected 312-50v13 CEH v13 Questions Answers

The correct answer is C. DNS Rebinding Attack.

The key behavior is that an external website causes the victim’s browser to send requests to an internal, locally hosted IoT management interface. This is characteristic of DNS rebinding, where the attacker abuses browser trust and DNS resolution behavior so that a malicious web page can interact with private-network resources.

CEH-aligned IoT material identifies Insecure Web Interface and Insufficient Authentication/Authorization as important IoT weaknesses, especially because many device interfaces are intended to be exposed only on internal networks but can still be threatened from internal users or browser-based interaction paths . DNS rebinding specifically abuses this condition by using the victim’s browser as a bridge into the private network.

Option A. Forged Malicious Device Attack is incorrect because no rogue IoT device is being introduced.

Option B. SDR-Based Attack is incorrect because software-defined radio attacks target wireless/radio communications, not browser-based access to local web interfaces.

Option D. Distributed Denial-of-Service (DDoS) Attack is incorrect because the scenario is not about flooding or service exhaustion.

Therefore, the best answer is C. DNS Rebinding Attack.

The tool described matches Fern WiFi Cracker because CEH wireless assessment workflows commonly reference GUI-based auditing utilities that combine packet capture, wireless injection support, and key recovery attempts in one interface. The scenario specifically mentions three core capabilities: capturing wireless packets, sending de-authentication frames to trigger client reconnects, and attempting to recover the encryption key. Those steps align with the typical WPA cracking methodology discussed in CEH learning paths: capture the WPA handshake when a client connects, optionally force a reconnection by sending de-authentication frames, then perform an offline attack against the captured handshake using a wordlist or brute-force approach. Fern WiFi Cracker is known for presenting these functions through a graphical interface, making it a common example of an “all-in-one” Wi-Fi auditing tool.

The other options are defensive monitoring and prevention platforms, not offensive auditing tools used to actively deauthenticate clients or attempt key recovery. RFProtect, Cisco Adaptive Wireless IPS, and WatchGuard Wi-Fi Cloud WIPS are Wireless Intrusion Prevention and Monitoring solutions designed to detect rogue access points, identify attacks such as deauthentication floods, enforce wireless security policies, and generate alerts for security teams. They are used to stop or respond to attacks rather than conduct packet capture plus key-recovery attempts as part of an assessment.

Because the question emphasizes a single graphical interface that captures traffic, injects deauth frames, and attempts key recovery, the correct match among the choices is Fern WiFi Cracker.

Whaling is the correct answer because the scenario describes a highly targeted phishing attempt aimed at a “big fish”—a senior executive (the CEO). In CEH terminology, whaling is a specialized form of phishing that focuses on high-profile, high-authority individuals (e.g., CEOs, CFOs, directors) to maximize impact. These targets often have access to sensitive data, financial approvals, privileged systems, and strategic communications, making their credentials significantly more valuable than those of typical employees.

The attacker (Clara) uses classic social engineering drivers emphasized in CEH training: authority (impersonating the legal department), urgency/fear (a “pending lawsuit”), and trust in internal processes (a link to a supposed internal portal). This combination is designed to short-circuit normal verification behavior and prompt quick compliance. The inclusion of a credential-harvesting link aligns with common phishing goals: capturing usernames/passwords, enabling account takeover, and potentially facilitating broader compromise (e.g., email access for business email compromise, lateral movement, or privileged escalation).

Why the other options are less accurate: Spear phishing is also targeted, but it is a broader category aimed at specific individuals or groups at any level. The defining clue here is the executive-level target, which elevates it to whaling. Clone phishing involves copying a legitimate email previously received and swapping a malicious link or attachment—this detail is not present. Consent phishing typically abuses legitimate OAuth/app consent flows rather than a fake portal requesting credentials.

The CEH Network Scanning module explains that ICMP Echo Requests are often filtered or blocked by firewalls, routers, or host-based security controls as a defensive measure to reduce reconnaissance exposure.

When systems fail to respond to ICMP Echo Requests but continue to function normally for other services, CEH indicates that this behavior typically means ICMP traffic is being blocked, not that the host is offline or compromised.

Option B is correct.

Option A would affect all services.

Option C lacks supporting indicators.

Option D is speculative and unreliable.

CEH emphasizes that ICMP filtering is common in hardened networks.