CEH v13 Domain 7.1 Practice Test 003

This practice test covers Domain 7 (Mobile Platform, IoT, and OT Hacking) Subdomain 1 (Hacking Mobile Platforms) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.


10 questions • 8 single-answer, 2 multi-select
Question 1
Clark, a red team operator engaged by a financial institution, discovers that the target CFO's Android device has 'Unknown Sources' installation enabled and is not enrolled in any MDM solution. He crafts a malicious APK mimicking the company's internal expense reporting app and delivers it through a spear-phishing SMS message. Which mobile platform attack vector is Clark exploiting?

Question 2
A penetration tester connects a target Android device to her workstation using a USB cable and verifies that USB debugging is enabled under Developer Options on the device. She issues commands to spawn a shell session on the device, retrieve the full list of installed packages, and extract files from the /data/data directory where application data is stored. Which tool is the penetration tester most likely using?

Question 3
An enterprise organization deploys an MDM solution requiring all corporate smartphones to enroll before accessing internal email and VPN resources. During a red team exercise, the tester compromises a help desk administrator account and uses the MDM administrative portal to push a new enrollment profile to a target employee's device without the employee's knowledge. Which mobile attack technique is being demonstrated?

Question 4
Jane is conducting a physical security assessment of an executive's iPhone running iOS 16.3 and needs to install unsigned offensive security tools that are unavailable through the App Store. She researches a publicly disclosed kernel vulnerability for the iOS version, applies a corresponding exploit to remove the kernel's code-signing enforcement and application sandboxing, and gains unrestricted root access to the device filesystem. What is this iOS process formally called?

Question 5
Kevin intercepts an APK file hosted on a third-party app store and suspects it contains hardcoded API credentials and obfuscated malicious logic embedded within the compiled bytecode. He needs to reverse-engineer the APK back into human-readable Java source code and Smali intermediate representation to perform a thorough static code review. Which tool is Kevin most likely using?

Question 6
Select all that apply
A security team is building a mobile threat model for a healthcare company's BYOD program and must categorize the primary attack surfaces that affect smartphones and tablets in a clinical environment. They reference the CEH mobile hacking framework to ensure their threat model aligns with established mobile attack classifications. Which of the following are primary mobile platform attack vectors documented in the CEH v13 framework? (Choose two)

Question 7
Elijah has obtained ADB shell access to a previously rooted Android device managed with Magisk during an authorized security engagement and needs to escalate from the standard shell user context to a full root context. He enters the 'su' command at the shell prompt and a permissions dialog immediately appears on the device screen requesting authorization before granting elevated access. Which Android root management mechanism is controlling this access request?

Question 8
During an authorized assessment of a corporate iOS device fleet, the tester configures a rogue Wi-Fi access point matching the corporate SSID and serves a malicious Apple .mobileconfig file disguised as a mandatory enterprise security certificate update. After employees connect to the rogue AP and accept the profile, a custom root CA certificate is installed that enables the attacker to decrypt and inspect all TLS sessions originating from affected iPhones. Which iOS-specific attack technique is being used?

Question 9
Select all that apply
A penetration tester is conducting a mobile application security assessment against an iOS banking app and needs to analyze both the application's behavior at runtime and perform comprehensive automated analysis including API traffic inspection. She selects two tools from her mobile security toolkit that together enable thorough coverage of both static and dynamic mobile application testing requirements. Which of the following tools are used for mobile application penetration testing? (Choose two)

Question 10
Jane is auditing a newly submitted Android application for enterprise approval and discovers that a simple flashlight utility requests runtime permissions for Contacts, Microphone, Fine Location, and Camera in addition to the expected Flashlight hardware permission. She must formally classify this finding under the OWASP Mobile Top 10 (2016) to include it in the risk report presented to the security review board. Which OWASP Mobile Top 10 category best describes the excessive permission request risk?
