EC0-350 Exam Details

  • Exam Code
    :EC0-350
  • Exam Name
    :Ethical Hacking And Countermeasures (CEH)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :878 Q&As
  • Last Updated
    :Jul 07, 2026

EC-COUNCIL EC0-350 Online Questions & Answers

  • Question 111:

    When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following?

    A. Drops the packet and moves on to the next one
    B. Continues to evaluate the packet until all rules are checked
    C. Stops checking rules, sends an alert, and lets the packet continue
    D. Blocks the connection with the source IP address in the packet

  • Question 112:

    What are the differences between SSL and S-HTTP?

    A. SSL operates at the network layer and S-HTTP operates at the application layer
    B. SSL operates at the application layer and S-HTTP operates at the network layer
    C. SSL operates at the transport layer and S-HTTP operates at the application layer
    D. SSL operates at the application layer and S-HTTP operates at the transport layer

  • Question 113:

    A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?

    A. The consultant will ask for money on the bid because of great work.
    B. The consultant may expose vulnerabilities of other companies.
    C. The company accepting bids will want the same type of format of testing.
    D. The company accepting bids will hire the consultant because of the great work performed.

  • Question 114:

    Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by and IDS?

    A. SYN scan
    B. ACK scan
    C. RST scan
    D. Connect scan
    E. FIN scan

  • Question 115:

    Jason works in the sales and marketing department for a very large advertising agency located in Atlanta. Jason is working on a very important marketing campaign for his company's largest client. Before the project could be completed and implemented, a competing advertising company comes out with the exact same marketing materials and advertising, thus rendering all the work done for Jason's client unusable. Jason is questioned about this and says he has no idea how all the material ended up in the hands of a competitor.

    Without any proof, Jason's company cannot do anything except move on. After working on another high profile client for about a month, all the marketing and sales material again ends up in the hands of another competitor and is released to the public before Jason's company can finish the project. Once again, Jason says that he had nothing to do with it and does not know how this could have happened. Jason is given leave with pay until they can figure out what is going on.

    Jason's supervisor decides to go through his email and finds a number of emails that were sent to the competitors that ended up with the marketing material. The only items in the emails were attached jpg files, but nothing else. Jason's supervisor opens the picture files, but cannot find anything out of the ordinary with them.

    What technique has Jason most likely used?

    A. Stealth Rootkit Technique
    B. ADS Streams Technique
    C. Snow Hiding Technique
    D. Image Steganography Technique

  • Question 116:

    Within the context of Computer Security, which of the following statements describes Social Engineering best?

    A. Social Engineering is the act of publicly disclosing information
    B. Social Engineering is the means put in place by human resource to perform time accounting
    C. Social Engineering is the act of getting needed information from a person rather than breaking into a system
    D. Social Engineering is a training program within sociology studies

  • Question 117:

    There are two types of honeypots- high and low interaction. Which of these describes a low interaction honeypot? Select the best answers.

    A. Emulators of vulnerable programs
    B. More likely to be penetrated
    C. Easier to deploy and maintain
    D. Tend to be used for production
    E. More detectable
    F. Tend to be used for research

  • Question 118:

    Which of the following is most effective against passwords? Select the Answer:

    A. Dictionary Attack
    B. BruteForce attack
    C. Targeted Attack
    D. Manual password Attack

  • Question 119:

    The traditional traceroute sends out ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets take to reach the destination.

    The problem is that with the widespread use of firewalls on the Internet today, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination.

    How would you overcome the Firewall restriction on ICMP ECHO packets?

    A. Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
    B. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
    C. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
    D. Do not use traceroute command to determine the path packets take to reach the destination instead use the custom hacking tool JOHNTHETRACER and run with the command
    E. \> JOHNTHETRACER www.eccouncil.org -F -evade

  • Question 120:

    How many bits encryption does SHA-1 use?

    A. 64 bits
    B. 128 bits
    C. 160 bits
    D. 256 bits

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your EC0-350 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.