ECCouncil Updated 312-50v13 Exam Questions and Answers by haniya

Insecure Deserialization is the best match because the scenario explicitly describes user-supplied data being processed during object reconstruction. In CEH-aligned web application security concepts, deserialization is the process of taking serialized data, such as JSON, XML, YAML, or binary objects, and converting it back into in-memory objects the application can use. When an application accepts serialized objects from an untrusted source and reconstructs them without strong validation, integrity checks, and safe type constraints, an attacker can tamper with the serialized content to alter object fields, inject unexpected object types, or trigger unsafe behaviors during reconstruction.

The key clue is that Sophia uploads a crafted template file and gains administrative access and access to restricted dashboards. That outcome commonly occurs when a deserialized object contains role, permission, or account attributes that the server trusts, or when deserialization triggers privileged logic through gadget chains or unsafe callbacks. The prompt also rules out database queries, client-side code execution, and session manipulation, which eliminates common alternatives like SQL injection, XSS, and session hijacking. Local file inclusion would involve forcing the server to include local files using path manipulation, which is not described here. Verbose error messages can leak information but do not directly grant admin access.

Mitigations emphasized in ethical hacking guidance include never deserializing untrusted data when avoidable, enforcing strict allowlists of types, applying cryptographic signing or HMAC integrity validation to serialized data, using safer data formats with explicit schemas, regenerating authorization decisions server-side rather than trusting client-provided object attributes, and logging and blocking anomalous deserialization attempts.

The requirements map most directly to WPA3, because WPA3-Personal replaces the legacy WPA2-PSK handshake with SAE (Simultaneous Authentication of Equals). SAE is designed to resist offline dictionary attacks: even if an attacker captures the handshake, they cannot simply take it offline and test password guesses at high speed the way they can with WPA2-PSK handshakes. This directly addresses management’s concern that a captured handshake plus a weak passphrase could enable offline cracking and eventual session key recovery.

WPA3 also strengthens per-session protection by improving how keys are established and by supporting stronger cryptographic defaults. In enterprise contexts, WPA3 aligns with stronger authentication and encryption suites, and in IoT scenarios it supports modern onboarding and improved security posture compared to older WPA2/TKIP-era configurations. The “per-session encryption” and “stronger protection” goals are consistent with WPA3’s modern design focus.

Why the other options are less suitable:

MAC address filtering (A) is not a security control against credential capture or offline attacks; MACs are easily spoofed and do not provide cryptographic protection.

802.1X authentication (B) (WPA2/WPA3-Enterprise) is very strong and removes reliance on a single shared PSK by using per-user/device credentials and dynamic keys. However, the question’s key requirement explicitly calls out preventing offline dictionary attacks even if a handshake is captured—this is most directly the hallmark improvement of WPA3-Personal (SAE). (In practice, WPA3-Enterprise with 802.1X is also excellent, but “upgrade to WPA3” is the single best match to the stated offline dictionary concern.)

Disabling TKIP (D) is good hygiene (prefer AES/CCMP), but it does not prevent WPA2-PSK handshake capture and offline cracking if PSK is used.

Therefore, the best measure to meet the stated modernization goals is C. Upgrade to WPA3.

Social engineering attacks that target business processes are especially effective when they mimic legitimate workflows. CEH learning materials emphasize that attackers often exploit trust relationships and organizational procedures rather than attempting broad or generic phishing methods. In the context of HR operations, onboarding portals are highly trusted and frequently accessed by new employees who expect to enter personal information, submit documents, and receive initial network credentials. By creating a fake onboarding portal that closely resembles the organization’s internal system, an attacker can collect credentials without triggering suspicion because the action being requested appears normal and expected. This method leverages procedural familiarity, brand consistency, and the implied authority of HR communications, making it far more effective than generic phishing emails or unsolicited social media messages. Phone calls, while sometimes useful, involve real-time interaction and increase the chance of detection. The fake portal, however, seamlessly integrates into existing processes, making it the most effective and lowest-profile approach for acquiring network credentials.

Pretexting is defined in CEH v13 Social Engineering as an attack where the attacker fabricates a believable scenario and impersonates a trusted individual to gain sensitive information.

This differs from phishing (mass messaging), baiting (malicious incentives), and quid pro quo (exchange of favors).