| Exam Name: | Certified Ethical Hacker Exam (CEHv13) | ||
| Exam Code: | 312-50v13 Dumps | ||
| Vendor: | ECCouncil | Certification: | CEH v13 |
| Questions: | 797 Q&A's | Shared By: | haniya |
At Horizon Legal Services in Boston, Massachusetts, ethical hacker Daniel Price is tasked with assessing the security of the firm ' s mobile case-tracking app. During testing, he finds that confidential case notes and client records are kept locally on the device without encryption. By browsing the file system with a standard explorer tool, he can open sensitive information without any authentication. Which OWASP Top 10 Mobile Risk is most clearly present in the app?
At Norwest Freight Services, Simon, a junior analyst, is tasked with running a vulnerability scan on several departmental servers. This time, he is provided with administrator-level credentials to input into the scanner. The scan takes significantly longer than usual but returns detailed results, including weak registry permissions, outdated patches, and insecure configuration files that would not have been visible to an outsider. SIEM logs confirm that successful logins occurred during the scanning process.
Which type of vulnerability scan best explains the behavior observed in Simon ' s assessment?
While auditing legacy network devices at a public hospital in Miami, Jason, a penetration tester, needs to verify what SNMP traffic is leaking across the internal segment. Instead of running structured queries, he decides to capture live network traffic and manually review the protocol fields. This method allows him to see SNMP requests and responses in transit but requires manual parsing of OIDs, community strings, and variable bindings.
Which method should Jason use in this situation?
During a code review at a defense technology contractor in Virginia, penetration tester Lucas identifies that a newly deployed payroll application encrypts sensitive employee data using a weak custom algorithm. In addition, its session validation logic allows certain requests to bypass access controls altogether. These oversights are traced back to flawed system logic and poor encryption design decisions made during the development phase.
Which vulnerability category BEST describes the issue Lucas discovered?