This practice test covers Domain 7 (Mobile Platform, IoT, and OT Hacking) Subdomain 1 (Hacking Mobile Platforms) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.


CEH v13 Domain 7.1 Practice Test 002
10 questions • 8 single-answer, 2 multi-select
Question 1
Clark has gained physical access to an unlocked Android device belonging to a corporate executive during a red team engagement. He connects the device to his laptop, enables USB debugging, and uses the Android Debug Bridge to extract the device's entire application data directory including stored credentials, session tokens, and encrypted chat logs. Which Android attack technique did Clark exploit?
Question 2
A mobile penetration tester is assessing a corporate-issued iPhone running iOS 16 to determine whether Apple's code signing restrictions and Secure Enclave protections are effective against local exploitation. She uses a publicly available exploit chain to achieve an untethered jailbreak, gaining root access and installing Cydia to deploy testing tools that Apple's App Store would normally reject. What is the primary security control that iOS jailbreaking circumvents?
Question 3
Select all that apply
A security team at a financial enterprise is reviewing the attack surface of their mobile device fleet, which is managed through an MDM solution, after a threat intelligence report identified increased targeting of mobile endpoints by nation-state actors. They must brief leadership on the two attack vectors that most commonly allow adversaries to compromise managed Android and iOS devices without requiring physical access to the hardware. Which two attack vectors most frequently enable remote compromise of enterprise mobile devices? (Choose two)
Question 4
Jane is conducting a mobile security assessment and crafts a malicious APK that impersonates a legitimate banking application using the same icon and display name as a well-known financial institution's app. She distributes the fake APK through a spear-phishing SMS message, and the attack succeeds only on devices where the victim has already modified a specific built-in Android security setting. Which Android security feature must be disabled on the victim's device for Jane's fake APK to install successfully?
Question 5
A corporate security analyst reviewing a BYOD policy discovers that several employees' iPhones have been silently redirecting all network traffic through an external proxy after receiving a spear-phishing email containing a .mobileconfig file attachment. The attacker bypassed Apple's App Store review process entirely by exploiting iOS's built-in support for over-the-air device configuration, installing a persistent traffic interception mechanism that survives app removal. Which iOS attack vector did the attacker leverage?
Question 6
Elijah is performing a red team exercise against a healthcare organization and discovers a critical vulnerability in the MDM server's administrative portal that allows unauthenticated remote code execution. After gaining console access, he uses the MDM platform's legitimate over-the-air management features to push a malicious VPN configuration profile to all 4,000 enrolled devices, silently routing every device's traffic through a server he controls. Which attack technique did Elijah use to achieve fleet-wide compromise?
Question 7
Select all that apply
A security analyst is building a mobile application testing lab to evaluate Android applications submitted for enterprise deployment, and must select tools capable of performing both static analysis of APK files and dynamic runtime analysis of application behavior including API calls, file system access, and network traffic. The organization requires open-source or widely recognized industry tools that support automated reporting for compliance documentation. Which two tools are most appropriate for Android application security testing? (Choose two)
Question 8
Kevin is targeting a C-suite executive's iPhone during a physical red team engagement and knows the device has USB Restricted Mode enabled, preventing standard ADB-equivalent access over the Lightning connector after one hour without unlock. He uses a commercial forensic tool that exploits a hardware-level vulnerability in the device's bootrom to extract the full decrypted filesystem image, bypassing the PIN, Face ID, and USB restriction entirely, then analyzes the image offline with iLEAPP for artifacts. Which iOS exploitation technique did Kevin leverage?
Question 9
An industrial facility's security team discovers that a field engineer's hardened Android Enterprise device — used to remotely access SCADA dashboards over an LTE connection — was compromised when an attacker deployed a fake cellular base station near the facility that forced the device to downgrade from LTE to a 2G connection, stripping encryption and intercepting authentication tokens in plaintext. The security team reviews the device's network logs and finds repeated registration events on an unlicensed frequency band at unusually high signal strength. Which cellular network attack did the attacker execute?
Question 10
A mobile application penetration tester is reviewing an Android application submitted for enterprise approval and discovers it requests READ_CONTACTS, ACCESS_FINE_LOCATION, RECORD_AUDIO, and READ_CALL_LOG permissions at install time, far beyond what its stated purpose as a productivity tool would require. She confirms through dynamic analysis with Burp Suite that the application silently transmits all harvested data to a remote server over HTTPS at regular intervals without any user notification or visible functionality tied to the data collection. Which category of mobile malware best describes this application?
