EC0-350 Exam Details

  • Exam Code
    :EC0-350
  • Exam Name
    :Ethical Hacking And Countermeasures (CEH)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :878 Q&As
  • Last Updated
    :Jul 07, 2026

EC-COUNCIL EC0-350 Online Questions & Answers

  • Question 11:

    An NMAP scan of a server shows port 25 is open. What risk could this pose?

    A. Open printer sharing
    B. Web portal data leak
    C. Clear text authentication
    D. Active mail relay

  • Question 12:

    Which of the following type of scanning utilizes automated process of proactively identifying vulnerabilities of the computing systems present on a network?

    A. Port Scanning
    B. Single Scanning
    C. External Scanning
    D. Vulnerability Scanning

  • Question 13:

    What are the limitations of Vulnerability scanners? (Select 2 answers)

    A. There are often better at detecting well-known vulnerabilities than more esoteric ones
    B. The scanning speed of their scanners are extremely high
    C. It is impossible for any, one scanning product to incorporate all known vulnerabilities in a timely manner
    D. The more vulnerabilities detected, the more tests required
    E. They are highly expensive and require per host scan license

  • Question 14:

    You are the Security Administrator of Xtrinity, Inc. You write security policies and conduct assessments to protect the company's network. During one of your periodic checks to see how well policy is being observed by the employees, you discover an employee has attached cell phone 3G modem to his telephone line and workstation. He has used this cell phone 3G modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. How would you resolve this situation?

    A. Reconfigure the firewall
    B. Enforce the corporate security policy
    C. Install a network-based IDS
    D. Conduct a needs analysis

  • Question 15:

    When referring to the Domain Name Service, what is denoted by a `zone'?

    A. It is the first domain that belongs to a company.
    B. It is a collection of resource records.
    C. It is the first resource record type in the SOA.
    D. It is a collection of domains.

  • Question 16:

    Jim is having no luck performing a penetration test in XYZ's network. He is running the tests from home and has downloaded every security scanner that he could lay his hands on. Despite knowing the IP range of all the systems, and the exact network configuration, Jim is unable to get any useful results.

    Why is Jim having these problems?

    A. Security scanners are not designed to do testing through a firewall.
    B. Security scanners cannot perform vulnerability linkage.
    C. Security scanners are only as smart as their database and cannot find unpublished vulnerabilities.
    D. All of the above.

  • Question 17:

    Which type of scan does NOT open a full TCP connection?

    A. Stealth Scan
    B. XMAS Scan
    C. Null Scan
    D. FIN Scan

  • Question 18:

    On wireless networks, SSID is used to identify the network. Why are SSID not considered to be a good security mechanism to protect a wireless networks?

    A. The SSID is only 32 bits in length.
    B. The SSID is transmitted in clear text.
    C. The SSID is the same as the MAC address for all vendors.
    D. The SSID is to identify a station, not a network.

  • Question 19:

    Which of the following display filters will you enable in Ethereal to view the three-way handshake for a connection from host 192.168.0.1?

    A. ip == 192.168.0.1 and tcp.syn
    B. ip.addr = 192.168.0.1 and syn = 1
    C. ip.addr==192.168.0.1 and tcp.flags.syn
    D. ip.equals 192.168.0.1 and syn.equals on

  • Question 20:

    Wayne is the senior security analyst for his company. Wayne is examining some traffic logs on a server and came across some inconsistencies. Wayne finds some IP packets from a computer purporting to be on the internal network. The packets originate from 192.168.12.35 with a TTL of 15. The server replied to this computer and received a response from 192.168.12.35 with a TTL of 21. What can Wayne infer from this traffic log?

    A. The initial traffic from 192.168.12.35 was being spoofed.
    B. The traffic from 192.168.12.25 is from a Linux computer.
    C. The TTL of 21 means that the client computer is on wireless.
    D. The client computer at 192.168.12.35 is a zombie computer.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your EC0-350 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.