EC0-350 Exam Details

  • Exam Code
    :EC0-350
  • Exam Name
    :Ethical Hacking And Countermeasures (CEH)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :878 Q&As
  • Last Updated
    :Jul 07, 2026

EC-COUNCIL EC0-350 Online Questions & Answers

  • Question 141:

    How does traceroute map the route a packet travels from point A to point B?

    A. Uses a TCP timestamp packet that will elicit a time exceeded in transit message
    B. Manipulates the value of the time to live (TTL) within packet to elicit a time exceeded in transit message
    C. Uses a protocol that will be rejected by gateways on its way to the destination
    D. Manipulates the flags within packets to force gateways into generating error messages

  • Question 142:

    While examining a log report you find out that an intrusion has been attempted by a machine whose IP address is displayed as 0xde.0xad.0xbe.0xef. It looks to you like a hexadecimal number. You perform a ping 0xde.0xad.0xbe.0xef. Which of the following IP addresses will respond to the ping and hence will likely be responsible for the intrusion?

    A. 192.10.25.9
    B. 10.0.3.4
    C. 203.20.4.5
    D. 222.273.290.239

  • Question 143:

    What type of port scan is represented here.

    A. Stealth Scan
    B. Full Scan
    C. XMAS Scan
    D. FIN Scan

  • Question 144:

    Lori was performing an audit of her company's internal Sharepoint pages when she came across the following codE. What is the purpose of this code?

    A. This JavaScript code will use a Web Bug to send information back to another server.
    B. This code snippet will send a message to a server at 192.154.124.55 whenever the "escape" key is pressed.
    C. This code will log all keystrokes.
    D. This bit of JavaScript code will place a specific image on every page of the RSS feed.

  • Question 145:

    John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong. In the context of Session hijacking why would you consider this as a false sense of security?

    A. The token based security cannot be easily defeated.
    B. The connection can be taken over after authentication.
    C. A token is not considered strong authentication.
    D. Token security is not widely used in the industry.

  • Question 146:

    Which of the following tools can be used to perform a zone transfer?

    A. NSLookup
    B. Finger
    C. Dig
    D. Sam Spade
    E. Host
    F. Netcat
    G. Neotrace

  • Question 147:

    Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

    A. CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.
    B. CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.
    C. CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.
    D. CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

  • Question 148:

    What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?

    A. tcp.src == 25 and ip.host == 192.168.0.125
    B. host 192.168.0.125:25
    C. port 25 and host 192.168.0.125
    D. tcp.port == 25 and ip.host == 192.168.0.125

  • Question 149:

    Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web site during work hours, without any consideration for others. Neil knows that he has an up-to- date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction?

    A. They are using UDP that is always authorized at the firewall
    B. They are using an older version of Internet Explorer that allow them to bypass the proxy server
    C. They have been able to compromise the firewall, modify the rules, and give themselves proper access
    D. They are using tunneling software that allows them to communicate with protocols in a way it was not intended

  • Question 150:

    In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this?

    A. Rouge access point attack
    B. Unauthorized access point attack
    C. War Chalking
    D. WEP attack

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your EC0-350 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.