EC0-350 Exam Details

  • Exam Code
    :EC0-350
  • Exam Name
    :Ethical Hacking And Countermeasures (CEH)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :878 Q&As
  • Last Updated
    :Jul 07, 2026

EC-COUNCIL EC0-350 Online Questions & Answers

  • Question 1:

    Simon is security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets? alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msG. "BACKDOOR SIG - SubSseven 22";flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids, 485;) alert

    A. The payload of 485 is what this Snort signature will look for.
    B. Snort will look for 0d0a5b52504c5d3030320d0a in the payload.
    C. Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged.
    D. From this snort signature, packets with HOME_NET 27374 in the payload will be flagged.

  • Question 2:

    What is the main reason the use of a stored biometric is vulnerable to an attack?

    A. The digital representation of the biometric might not be unique, even if the physical characteristic is unique.
    B. Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.
    C. A stored biometric is no longer "something you are" and instead becomes "something you have".
    D. A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

  • Question 3:

    While performing a ping sweep of a subnet you receive an ICMP reply of Code 3/Type 13 for all the pings sent out.

    What is the most likely cause behind this response?

    A. The firewall is dropping the packets.
    B. An in-line IDS is dropping the packets.
    C. A router is blocking ICMP.
    D. The host does not respond to ICMP packets.

  • Question 4:

    You are trying to hijack a telnet session from a victim machine with IP address 10.0.0.5 to Cisco router at 10.0.0.1. You sniff the traffic and attempt to predict the sequence and acknowledgement numbers to successfully hijack the telnet

    session.

    Here is the captured data in tcpdump.

    What are the next sequence and acknowledgement numbers that the router will send to the victim machine?

    A. Sequence number: 82980070 Acknowledgement number: 17768885A.
    B. Sequence number: 17768729 Acknowledgement number: 82980070B.
    C. Sequence number: 87000070 Acknowledgement number: 85320085C.
    D. Sequence number: 82980010 Acknowledgement number: 17768885D.

  • Question 5:

    You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.

    Dear valued customers,

    We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your

    antivirus code:

    Antivirus code: 5014

    http://www.juggyboy/virus/virus.html

    Thank you for choosing us, the worldwide leader Antivirus solutions.

    Mike Robertson

    PDF Reader Support

    Copyright Antivirus 2010 ?All rights reserved

    If you want to stop receiving mail, please go to:

    http://www.juggyboy.com

    or you may contact us at the following address: Media Internet Consultants, Edif. Neptuno, Planta Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama

    How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

    A. Look at the website design, if it looks professional then it is a Real Anti-Virus website
    B. Connect to the site using SSL, if you are successful then the website is genuine
    C. Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site
    D. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
    E. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

  • Question 6:

    Jim's organization has just completed a major Linux roll out and now all of the organization's systems are running the Linux 2.5 kernel. The roll out expenses has posed constraints on purchasing other essential security equipment and software. The organization requires an option to control network traffic and also perform stateful inspection of traffic going into and out of the DMZ.

    Which built-in functionality of Linux can achieve this?

    A. IP Tables
    B. IP Chains
    C. IP Sniffer
    D. IP ICMP

  • Question 7:

    Which of the following is an example of two factor authentication?

    A. PIN Number and Birth Date
    B. Username and Password
    C. Digital Certificate and Hardware Token
    D. Fingerprint and Smartcard ID

  • Question 8:

    Leesa is the senior security analyst for a publicly traded company. The IT department recently rolled out an intranet for company use only with information ranging from training, to holiday schedules, to human resources data. Leesa wants to make sure the site is not accessible from outside and she also wants to ensure the site is Sarbanes-Oxley (SOX) compliant. Leesa goes to a public library as she wants to do some Google searching to verify whether the company's intranet is accessible from outside and has been indexed by Google. Leesa wants to search for a website title of "intranet" with part of the URL containing the word "intranet" and the words "human resources" somewhere in the webpage.

    What Google search will accomplish this?

    A. related:intranet allinurl:intranet:"human resources"
    B. cache:"human resources" inurl:intranet(SharePoint)
    C. intitle:intranet inurl:intranet+intext:"human resources"
    D. site:"human resources"+intext:intranet intitle:intranet

  • Question 9:

    You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results. You are unsure of which protocols are being used. You need to discover as many different protocols as possible.

    Which kind of scan would you use to achieve this? (Choose the best answer)

    A. Nessus scan with TCP based pings.
    B. Nmap scan with the P (Ping scan) switch.
    C. Netcat scan with the switches.
    D. Nmap with the O (Raw IP packets) switch.

  • Question 10:

    Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him. What would Yancey be considered?

    A. Yancey would be considered a Suicide Hacker
    B. Since he does not care about going to jail, he would be considered a Black Hat
    C. Because Yancey works for the company currently; he would be a White Hat
    D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your EC0-350 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.