ECCouncil Updated 312-50v13 Exam Questions and Answers by ariah

Insecure Deserialization is the best match because the scenario explicitly describes user-supplied data being processed during object reconstruction. In CEH-aligned web application security concepts, deserialization is the process of taking serialized data, such as JSON, XML, YAML, or binary objects, and converting it back into in-memory objects the application can use. When an application accepts serialized objects from an untrusted source and reconstructs them without strong validation, integrity checks, and safe type constraints, an attacker can tamper with the serialized content to alter object fields, inject unexpected object types, or trigger unsafe behaviors during reconstruction.

The key clue is that Sophia uploads a crafted template file and gains administrative access and access to restricted dashboards. That outcome commonly occurs when a deserialized object contains role, permission, or account attributes that the server trusts, or when deserialization triggers privileged logic through gadget chains or unsafe callbacks. The prompt also rules out database queries, client-side code execution, and session manipulation, which eliminates common alternatives like SQL injection, XSS, and session hijacking. Local file inclusion would involve forcing the server to include local files using path manipulation, which is not described here. Verbose error messages can leak information but do not directly grant admin access.

Mitigations emphasized in ethical hacking guidance include never deserializing untrusted data when avoidable, enforcing strict allowlists of types, applying cryptographic signing or HMAC integrity validation to serialized data, using safer data formats with explicit schemas, regenerating authorization decisions server-side rather than trusting client-provided object attributes, and logging and blocking anomalous deserialization attempts.

The correct answer is DNS interrogation. CEH reconnaissance guidance explains that active footprinting involves direct interaction with the target environment, which can generate logs or alerts. DNS interrogation is an active technique used to query name servers for information about domain structure, hostnames, mail servers, subdomains, and other records that reveal how public-facing systems are logically arranged. The question specifically says Justin is retrieving structural details about the organization’s public-facing systems and that his activity is logged by the target, which is consistent with active DNS queries. Network or port scanning is also active, but it focuses on discovering open ports and reachable services rather than the logical naming and organizational structure of public systems. Social engineering is human-focused, and user and service enumeration typically aims at accounts or system services rather than domain structure. CEH materials repeatedly emphasize DNS as a rich reconnaissance source because records such as A, MX, NS, TXT, and SOA can reveal infrastructure relationships and naming conventions. Since the goal is to understand how the organization’s internet-facing systems are organized and represented, DNS interrogation is the best fit.

The correct answer is External Scanning. CEH vulnerability assessment material explains that external scanning evaluates the systems, services, and exposures visible to parties outside the organization, typically from the perspective of an internet-based attacker. In this scenario, the consultants are reviewing infrastructure reachable through publicly registered domain records, identifying open ports on exposed servers, checking for outdated components, and reviewing DNS information that is visible to remote systems. Those activities clearly indicate an external perspective. Network-based scanning is broader and can occur either internally or externally, so it is not the most precise answer here. Internal scanning would assess assets from inside the organization’s environment, and manual scanning would describe the method rather than the exposure perspective. CEH emphasizes that external scans are used to understand the public attack surface, including internet-facing services, exposed applications, open ports, SSL/TLS posture, and domain-related information available to outsiders. Because the engagement is centered on what can be reached and learned from outside the network through public records and exposed hosts, the scan is best classified as External Scanning.

The correct answer is B. Information Warfare.

The scenario describes the strategic use of information, communication systems, digital influence, and disruption of critical systems to gain an advantage over an opponent. This aligns with Information Warfare.

CEH-aligned material defines information warfare as the use of information and communication technology to gain an advantage over an opponent or enemy. It also explains that offensive information warfare prevents, modifies, or disrupts information and information-based processes by affecting confidentiality, integrity, and availability .

Option A. Cyber Espionage is incorrect because espionage focuses mainly on stealing information, not broadly manipulating perception and degrading infrastructure.

Option C. Hacktivism is incorrect because hacktivism is usually ideologically or politically motivated activism using hacking techniques.

Option D. Cyberterrorism is incorrect because cyberterrorism is intended to create fear, panic, or violence for political or ideological objectives. The broader coordinated use of information and communication capabilities is best classified as information warfare.

Therefore, the best answer is B. Information Warfare.