ECCouncil Updated 312-50v13 Exam Questions and Answers by evie-mae

Many network and system administrators don't pay enough attention to system clock accuracy and time synchronization. Computer clocks can run faster or slower over time, batteries and power sources die, or daylight-saving time changes are forgotten. Sure, there are many more pressing security issues to deal with, but not ensuring that the time on network devices is synchronized can cause problems. And these problems often only come to light after a security incident.

If you suspect a hacker is accessing your network, for example, you will want to analyze your log files to look for any suspicious activity. If your network's security devices do not have synchronized times, the timestamps' inaccuracy makes it impossible to correlate log files from different sources. Not only will you have difficulty in tracking events, but you will also find it difficult to use such evidence in court; you won't be able to illustrate a smooth progression of events as they occurred throughout your network.

A Kernel-level rootkit operates at the core of the operating system (OS kernel), enabling the attacker to:

Modify or replace kernel code

Load malicious kernel modules

Hide files, processes, and backdoors at a level that is difficult for standard security tools to detect

According to CEH v13:

Kernel-mode rootkits are highly stealthy and dangerous because they run with the highest privileges.

These rootkits modify system calls and memory structures in the kernel space to conceal malicious activity.

Incorrect Options:

A. User-mode rootkits operate at the application layer and are less stealthy than kernel-level rootkits.

B. Library-level rootkits manipulate standard libraries (like libc) to intercept calls.

D. Hypervisor-level rootkits run beneath the OS (e.g., via virtualization) and are extremely rare and complex.

Reference – CEH v13 Official Courseware:

Module 06: Malware Threats

Section: “Types of Rootkits”

Subsection: “Kernel-Mode Rootkits vs. User-Mode Rootkits”

The command uses sqlmap, a powerful SQL injection and database penetration testing tool. The flag -u specifies the target URL, and -dbs instructs sqlmap to enumerate the available databases on the DBMS behind that URL.

Command Breakdown:

-u: Target URL with injectable parameters

-dbs: Retrieve and enumerate all available database names

This is a common first step in identifying vulnerable DBMS structures after confirming SQL injection.

Incorrect Options:

A. Backdoor creation is not the default function of sqlmap.

C. Retrieving SQL statements would require additional options like --trace or --sql-query.

D. Option D is not technically accurate—sqlmap is used for injection and enumeration, not searching statements.

Reference – CEH v13 Official Courseware:

Module 14: Hacking Web Applications

Section: “SQL Injection Tools and Automation”

Tool Reference: sqlmap usage and options

===========

Restrict results to those of a certain filetype. E.g., PDF, DOCX, TXT, PPT, etc. Note: The “ext:” operator can also be used—the results are identical.

Example: apple filetype:pdf / apple ext:pdf