ECCouncil Updated 312-50v13 Exam Questions and Answers by nicole

Shellshock (CVE-2014-6271) is a vulnerability in the GNU Bash (Bourne Again Shell) that allows remote code execution via crafted environment variables. It was disclosed in 2014 and had a wide impact on systems that relied on Bash as a command-line shell interpreter.

Affected systems include:

Linux distributions (Red Hat, Debian, CentOS, Ubuntu, etc.)

Unix variants (e.g., FreeBSD, OpenBSD, etc.)

Apple macOS (formerly OS X), since it uses Bash as the default shell

Windows systems were not directly affected because they do not use Bash by default. Bash is not a native component of Windows operating systems, and Shellshock exploits Bash-specific behavior. Only Windows systems where Bash was manually installed through a third-party method or environment (e.g., Cygwin) might be susceptible — but by default, Windows systems are immune.

Incorrect options:

A. Linux — Affected

B. Unix — Affected

C. OS X — Affected

D. Windows — Not directly affected (Correct answer)

Zero Trust Networks The Zero Trust model is a security implementation that by default assumes every user trying to access the network is not a trusted entity and verifies every incoming connection before allowing access to the network.It strictly follows the principle, “Trust no one and validate before providing a cloud service or granting access permission.”It also allows companies to impose conditions, such as allowing employees to only access the appropriate resources required for their work role. (P.2997/2981)

Zero Trust is a strategic initiative that helps prevent successful data breaches by eliminating the concept of trust from an organization’s network architecture. Rooted in the principle of “never trust, always verify,” Zero Trust is designed to protect modern digital environments by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention, and simplifying granular user-access control.

The Certified Ethical Hacker (CEH) Social Engineering module defines tailgating as a physical social engineering attack where an unauthorized person follows an authorized individual into a restricted area.

Option C precisely matches CEH’s definition.

Option A is pretexting.

Option B is baiting.

Option D is phishing.

CEH stresses physical security awareness as critical as cyber defenses.

The SSID (service set identifier) is the name of your wireless network. SSID broadcast is how your router transmits this name to surrounding devices. Its primary function is to make your network visible and easily accessible. Most routers broadcast their SSIDs automatically. To disable or enable SSID broadcast, you need to change your router’s settings.

Disabling SSID broadcast will make your Wi-FI network name invisible to other users. However, this only hides the name, not the network itself. You cannot disguise the router's activity, so hackers can still attack it.

With your network invisible to wireless devices, connecting becomes a bit more complicated. Just giving a Wi-FI password to your guests is no longer enough. They have to configure their settings manually by including the network name, security mode, and other relevant info.

Disabling SSID might be a small step towards online security, but by no means should it be your final one. Before considering it as a security measure, consider the following aspects:

- Disabling SSID broadcast will not hide your network completely

Disabling SSID broadcast only hides the network name, not the fact that it exists. Your router constantly transmits so-called beacon frames to announce the presence of a wireless network. They contain essential information about the network and help the device connect.

- Third-party software can easily trace a hidden network

Programs such as NetStumbler or Kismet can easily locate hidden networks. You can try using them yourself to see how easy it is to find available networks – hidden or not.

- You might attract unwanted attention.

Disabling your SSID broadcast could also raise suspicion. Most of us assume that when somebody hides something, they have a reason to do so. Thus, some hackers might be attracted to your network.