CEH v13 Domain 7.1 Practice Test 004

This practice test covers Domain 7 (Mobile Platform, IoT, and OT Hacking) Subdomain 1 (Hacking Mobile Platforms) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • 8 single-answer, 2 multi-select

Question 1
Elijah downloads a popular Android game, inserts malicious code into its installer, and re-signs it with his own certificate. He then uploads the trojanized build to a third-party store to lure victims. Which technique describes his actions?

Question 2
A security analyst examines an iPhone that has been modified to remove Apple's built-in restrictions, enabling root access and unsigned tweaks. The user installed Cydia to load software outside the official App Store. What process enabled this state?

Question 3
Jane receives a text message claiming to be from her bank, urging her to click a link and confirm credentials on a spoofed login page. The message relies on urgency to pressure her into acting. Which mobile attack is this?

Question 4
An enterprise security team wants to enforce passcode policies, remotely wipe lost devices, and push approved apps across all corporate smartphones. They deploy one centralized platform to control the entire mobile fleet. Which technology meets this requirement?

Question 5
Select all that apply
Kevin reviews the OWASP Mobile Top 10 to harden a banking application against common weaknesses. He focuses on flaws that directly expose sensitive information held on the device itself. Which two issues should he prioritize? (Choose two)

Question 6
Clark walks through a crowded airport using a laptop to silently pull contacts and calendar entries from nearby phones left with Bluetooth discoverable. He extracts data from poorly secured devices without the owners' knowledge. Which attack is he conducting?

Question 7
A penetration tester dynamically analyzes an Android app by hooking into running functions to bypass root detection and SSL pinning at runtime. The framework injects JavaScript into the live process to alter its behavior. Which tool is being used?

Question 8
A red team deploys hidden monitoring software onto a target's Android phone to secretly record calls, log keystrokes, and track GPS location. The software runs invisibly and exfiltrates data to a remote console. What category of software is this?

Question 9
Select all that apply
A security consultant advises a firm on protecting executive iPhones from compromise. She recommends controls that meaningfully reduce the attack surface of the mobile fleet. Which measures should she include? (Select all that apply)

Question 10
Maria persuades a mobile carrier's support agent to move a victim's phone number onto a new card she controls. She then intercepts the one-time passcodes texted to that number to seize the victim's online accounts. Which attack did she execute?
