ECCouncil Updated 312-50v13 Exam Questions and Answers by ernie

Outdated server software often contains memory corruption flaws. CEH notes that buffer overflow exploits are a primary method for compromising vulnerable server binaries, allowing remote code execution. This approach targets the underlying service rather than application-layer input validation issues.

CEH v13 defines a Trojan as malware that appears as a legitimate, trusted software application while secretly executing malicious actions behind the scenes. Trojans rely on deception rather than replication, often masquerading as tools, utilities, updates, or installers. Once executed, they may install backdoors, steal credentials, exfiltrate data, or modify system settings. The defining characteristic emphasized in CEH is the legitimate-looking façade combined with hidden malicious intent, which matches the scenario perfectly. Spyware (Option B) focuses on monitoring and data collection but does not necessarily disguise itself as legitimate software. Worms (Option C) self-replicate across networks, which is not described here. Rootkits (Option D) hide system compromise but do not necessarily pose as legitimate software. Therefore, the malware described is a Trojan.

Padding oracle attacks exploit systems that reveal differences in error responses when incorrectly padded ciphertext is submitted. CEH explains that these variations allow attackers to iteratively determine valid padding bytes and ultimately decrypt or modify encrypted data without knowledge of the key.

WEP is the only option that matches the combination of RC4 and a 24-bit initialization vector. In CEH materials, WEP is described as an early Wi-Fi security standard that uses the RC4 stream cipher together with a short 24-bit IV that is concatenated with a shared secret key to form the per-packet RC4 key stream. The critical weakness is that a 24-bit IV is far too small for busy networks. Because there are only about 16.7 million possible IV values, IV reuse occurs quickly, especially under high traffic. When IVs repeat, the same RC4 key stream can be reused, allowing attackers to apply statistical attacks against captured packets and recover the WEP key. CEH emphasizes that the problem is not only IV reuse but also weaknesses in how WEP uses RC4 with IVs, enabling practical key recovery using readily available tools once enough packets are collected.

WPA and WPA2 improved on WEP by introducing stronger key management and integrity protections. WPA uses TKIP, which still relies on RC4 in many deployments, but it does not use a simple 24-bit IV in the same weak manner as WEP and includes per-packet key mixing and additional integrity checks. WPA2 and WPA3 move away from RC4 entirely, using AES-based protections such as CCMP for WPA2 and more modern enhancements in WPA3. Therefore, the observed RC4 with a 24-bit IV precisely identifies WEP.