EC0-350 Exam Details

  • Exam Code
    :EC0-350
  • Exam Name
    :Ethical Hacking And Countermeasures (CEH)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :878 Q&As
  • Last Updated
    :Jul 15, 2026

EC-COUNCIL EC0-350 Online Questions & Answers

  • Question 171:

    Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations?

    A. Cain
    B. John the Ripper
    C. Nikto
    D. Hping

  • Question 172:

    Which one of the following attacks will pass through a network layer intrusion detection system undetected?

    A. A teardrop attack
    B. A SYN flood attack
    C. A DNS spoofing attack
    D. A test.cgi attack

  • Question 173:

    John wishes to install a new application onto his Windows 2000 server. He wants to ensure that any application he uses has not been Trojaned. What can he do to help ensure this?

    A. Compare the file's MD5 signature with the one published on the distribution media
    B. Obtain the application via SSL
    C. Compare the file's virus signature with the one published on the distribution media
    D. Obtain the application from a CD-ROM disc

  • Question 174:

    An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application? (Choose the best answer)

    A. Create a network tunnel.
    B. Create a multiple false positives.
    C. Create a SYN flood.
    D. Create a ping flood.

  • Question 175:

    You have performed the traceroute below and notice that hops 19 and 20 both show the same IP address. What can be inferred from this output?

    A. An application proxy firewall
    B. A stateful inspection firewall
    C. A host based IDS
    D. A Honeypot

  • Question 176:

    Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking the intruder's IP address for a period of 24 hours' time after

    more than three unsuccessful attempts. He is confident that this rule will secure his network from hackers on the Internet.

    But he still receives hundreds of thousands brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been

    scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall rule.

    Later he adds another rule to his firewall and enables small sleep on the password attempt so that if the password is incorrect, it would take 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple

    machines to brute force the password, he also throttles the number of connections that will be prepared to accept from a particular IP address. This action will slow the intruder's attempts.

    Samuel wants to completely block hackers brute force attempts on his network.

    What are the alternatives to defending against possible brute-force password attacks on his site?

    A. Enforce a password policy and use account lockouts after three wrong logon attempts even though this might lock out legit users
    B. Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the intruder so that you can block them at the Firewall manually
    C. Enforce complex password policy on your network so that passwords are more difficult to brute force
    D. You cannot completely block the intruders attempt if they constantly switch proxies

  • Question 177:

    A XYZ security System Administrator is reviewing the network system log files.

    He notes the following:

    Network log files are at 5 MB at 12:00 noon.

    At 14:00 hours, the log files at 3 MB.

    What should he assume has happened and what should he do about the situation?

    A. He should contact the attacker's ISP as soon as possible and have the connection disconnected.
    B. He should log the event as suspicious activity, continue to investigate, and take further steps according to site security policy.
    C. He should log the file size, and archive the information, because the router crashed.
    D. He should run a file system check, because the Syslog server has a self correcting file system problem.
    E. He should disconnect from the Internet discontinue any further unauthorized use, because an attack has taken place.

  • Question 178:

    When a malicious hacker identifies a target and wants to eventually compromise this target, what would be among the first steps that he would perform? (Choose the best answer)

    A. Cover his tracks by eradicating the log files and audit trails.
    B. Gain access to the remote computer in order to conceal the venue of attacks.
    C. Perform a reconnaissance of the remote target for identical of venue of attacks.
    D. Always begin with a scan in order to quickly identify venue of attacks.

  • Question 179:

    Jason is the network administrator of Spears Technology. He has enabled SNORT IDS to detect attacks going through his network. He receives Snort SMS alerts on his iPhone whenever there is an attempted intrusion to his network.

    He receives the following SMS message during the weekend.

    An attacker Chew Siew sitting in Beijing, China had just launched a remote scan on Jason's network with the hping command. Which of the following hping2 command is responsible for the above snort alert?

    A. chenrocks:/home/siew # hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118
    B. chenrocks:/home/siew # hping -F -Q -J -A -C -W 192.168.2.56 -p 22 -c 5 -t 118
    C. chenrocks:/home/siew # hping -D -V -R -S -Z -Y 192.168.2.56 -p 22 -c 5 -t 118
    D. chenrocks:/home/siew # hping -G -T -H -S -L -W 192.168.2.56 -p 22 -c 5 -t 118

  • Question 180:

    Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

    A. Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security
    B. Maintenance of the nation's Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure
    C. Registration of critical penetration testing for the Department of Homeland Security and public and private sectors
    D. Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your EC0-350 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.