ECCouncil Updated 312-50v13 Exam Questions and Answers by gruffydd

The requirements map most directly to WPA3, because WPA3-Personal replaces the legacy WPA2-PSK handshake with SAE (Simultaneous Authentication of Equals). SAE is designed to resist offline dictionary attacks: even if an attacker captures the handshake, they cannot simply take it offline and test password guesses at high speed the way they can with WPA2-PSK handshakes. This directly addresses management’s concern that a captured handshake plus a weak passphrase could enable offline cracking and eventual session key recovery.

WPA3 also strengthens per-session protection by improving how keys are established and by supporting stronger cryptographic defaults. In enterprise contexts, WPA3 aligns with stronger authentication and encryption suites, and in IoT scenarios it supports modern onboarding and improved security posture compared to older WPA2/TKIP-era configurations. The “per-session encryption” and “stronger protection” goals are consistent with WPA3’s modern design focus.

Why the other options are less suitable:

MAC address filtering (A) is not a security control against credential capture or offline attacks; MACs are easily spoofed and do not provide cryptographic protection.

802.1X authentication (B) (WPA2/WPA3-Enterprise) is very strong and removes reliance on a single shared PSK by using per-user/device credentials and dynamic keys. However, the question’s key requirement explicitly calls out preventing offline dictionary attacks even if a handshake is captured—this is most directly the hallmark improvement of WPA3-Personal (SAE). (In practice, WPA3-Enterprise with 802.1X is also excellent, but “upgrade to WPA3” is the single best match to the stated offline dictionary concern.)

Disabling TKIP (D) is good hygiene (prefer AES/CCMP), but it does not prevent WPA2-PSK handshake capture and offline cracking if PSK is used.

Therefore, the best measure to meet the stated modernization goals is C. Upgrade to WPA3.

SMTP enumeration is the correct classification because the scenario explicitly references the SMTP commands VRFY, EXPN, and RCPT, which are well-known techniques for discovering valid user accounts and email routing information on mail servers. In CEH-aligned enumeration methodology, attackers and testers use these commands to determine whether specific usernames or mailbox addresses exist. VRFY is used to verify a user, EXPN can expand a mailing list or alias into individual recipients, and RCPT TO is commonly tested during an SMTP conversation to see whether a recipient address is accepted or rejected. When a server provides detailed responses, it can leak account validity and internal addressing formats, enabling targeted phishing, password spraying against known usernames, and broader social engineering campaigns.

Although the assessment also identifies Telnet, FTP with anonymous access, TFTP, and SMB shares, those findings represent additional exposed services and misconfigurations rather than the named enumeration classification in the answer choices. LDAP enumeration would focus on directory queries against services such as LDAP or Active Directory to extract users and groups. VoIP enumeration would involve SIP endpoints, extensions, and call infrastructure. DNS enumeration would center on zone transfers, record harvesting, and subdomain discovery. The distinguishing clue here is the use of VRFY, EXPN, and RCPT, which is uniquely tied to SMTP behavior and mail server user enumeration, making SMTP Enumeration the best fit.

The correct answer is A. Sending an email to a non-existent address during an authorized penetration test can trigger a bounce-back or non-delivery report. These responses may reveal useful reconnaissance information such as mail server names, IP addresses, SMTP banners, internal hostnames, anti-spam gateways, mail routing behavior, and how the organization handles undeliverable messages. This technique supports the CEH reconnaissance and footprinting phase, where testers gather publicly or externally exposed information before deeper testing. It is not intended to create spam, identify root users, test antivirus directly, or perform a denial-of-service attack.

SHA-256 is a cryptographic hash function, and CEH v13 clearly states that hash functions alone provide data integrity, but not authenticity or non-repudiation. If attackers can modify data and recompute the hash, integrity checks will still pass.

The issue arises because SHA-256 does not prove who created or modified the data. To address this weakness, CEH v13 recommends using digital signatures, which combine hashing with asymmetric cryptography. A digital signature ensures:

Integrity (data has not changed)

Authentication (data was signed by a known entity)

Non-repudiation (the signer cannot deny the action)

Digital signatures work by hashing the data and encrypting the hash with the sender’s private key. Any modification to the data invalidates the signature.

Encryption alone (Options A and C) protects confidentiality, not integrity or authenticity. SSL/TLS (Option B) secures data in transit but does not protect stored data from tampering.

CEH v13 explicitly identifies digital signatures as the correct cryptographic control when integrity mechanisms alone are insufficient. Therefore, Option D is correct.