ECCouncil Updated 312-50v13 Exam Questions and Answers by emmy

TCP port 21 is used by the File Transfer Protocol (FTP), which is an unencrypted protocol. To detect if unencrypted file transfers are taking place, you can apply the Wireshark display filter:

tcp.port == 21

This will show all traffic to and from FTP servers. Since FTP transmits usernames, passwords, and data in clear text, its use would violate the company’s policy.

CEH v13 states:

“FTP (Port 21) is a cleartext protocol vulnerable to sniffing. To enforce secure communication, companies often transition to SFTP (over SSH, port 22) or FTPS (FTP over TLS/SSL).”

Incorrect Options:

B. Port 23 is used for Telnet, not FTP.

C. Combining FTP (21) and SSH/SFTP (22) would include encrypted traffic, which is not what you're trying to isolate.

D. tcp.port != 21 filters out FTP traffic, which is the opposite of the intended goal.

Reference – CEH v13 Guide:

Module 01: Introduction to Ethical Hacking

Subsection: Sniffing and Cleartext Protocols

Wireshark iLab: Identifying FTP Traffic

=

Whitelist validation (also known as allowlist validation) is a robust defensive strategy where only pre-approved input formats are accepted. This includes:

Restricting input to specific data types (e.g., integer, string)

Limiting size, format, or allowed characters

Accepting only expected values (e.g., country codes, age ranges)

This practice is highly effective in mitigating SQL injection and other input-based attacks.

Incorrect Options:

A. Output encoding prevents XSS by encoding output but doesn't validate input.

B. Enforcing least privilege is an access control principle.

D. Blacklist validation is less secure and attempts to block known bad inputs, which may be bypassed.

Reference – CEH v13 Official Courseware:

Module 14: Hacking Web Applications

Section: “Input Validation and SQL Injection Mitigation”

Subsection: “Whitelist vs Blacklist Input Validation”

=

In CEH v13 Module 10: Vulnerability Assessment, the Vulnerability Management Lifecycle is defined with the following structured steps:

Identify assets & baseline (Step 2)

Vulnerability scanning (Step 5)

Risk assessment/prioritization (Step 6)

Remediation (Step 1)

Verification (Step 3)

Continuous monitoring (Step 4)

So the correct lifecycle flow is:

2 → 5 → 6 → 1 → 3 → 4

This ensures vulnerabilities are identified, assessed, remediated, validated, and monitored on an ongoing basis.

This scenario represents a classic baiting attack, a social engineering technique explicitly described in CEH v13 Social Engineering. In baiting, attackers exploit human curiosity or greed by leaving behind a malicious physical device—most commonly a USB drive—with an enticing label. When the victim plugs the device into a system, malware is automatically executed, leading to compromise.

Option A precisely captures this behavior. The label “Employee Salary Info 2024” is intentionally designed to entice the victim into interacting with the device. CEH v13 highlights USB baiting as particularly dangerous because it bypasses technical controls and relies solely on human behavior.

Option B describes pretexting, which involves impersonation. Option C refers to dumpster diving. Option D describes tailgating, a physical access attack. None of these match the USB-based lure described.

CEH v13 emphasizes that baiting attacks are highly effective in corporate environments and recommends strong security awareness training and disabling USB autorun features as mitigation.