EC0-350 Exam Details

  • Exam Code
    :EC0-350
  • Exam Name
    :Ethical Hacking And Countermeasures (CEH)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :878 Q&As
  • Last Updated
    :Jul 15, 2026

EC-COUNCIL EC0-350 Online Questions & Answers

  • Question 231:

    How do you defend against DHCP Starvation attack?

    A. Enable ARP-Block on the switch
    B. Enable DHCP snooping on the switch
    C. Configure DHCP-BLOCK to 1 on the switch
    D. Install DHCP filters on the switch to block this attack

  • Question 232:

    One of the better features of NetWare is the use of packet signature that includes cryptographic signatures. The packet signature mechanism has four levels from 0 to 3. In the list below which of the choices represent the level that forces NetWare to sign all packets?

    A. 0 (zero)
    B. 1
    C. 2
    D. 3

  • Question 233:

    John is the network administrator of XSECURITY systems. His network was recently compromised. He analyzes the log files to investigate the attack. Take a look at the following Linux log file snippet. The hacker compromised and "owned" a

    Linux machine.

    What is the hacker trying to accomplish here?

    A. The hacker is attempting to compromise more machines on the network
    B. The hacker is planting a rootkit
    C. The hacker is running a buffer overflow exploit to lock down the system
    D. The hacker is trying to cover his tracks

  • Question 234:

    Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results? TCP port 21 ?no response TCP port 22 ?no response TCP port 23 ?Time-to-live exceeded

    A. The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host.
    B. The lack of response from ports 21 and 22 indicate that those services are not running on the destination server.
    C. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall.
    D. The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error.

  • Question 235:

    Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

    A. USER, NICK
    B. LOGIN, NICK
    C. USER, PASS
    D. LOGIN, USER

  • Question 236:

    Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

    A. Firewall
    B. Honeypot
    C. Core server
    D. Layer 4 switch

  • Question 237:

    Which of the following types of firewall inspects only header information in network traffic?

    A. Packet filter
    B. Stateful inspection
    C. Circuit-level gateway
    D. Application-level gateway

  • Question 238:

    When analyzing the IDS logs, the system administrator notices connections from outside of the LAN have been sending packets where the Source IP address and Destination IP address are the same. There have been no alerts sent via

    email or logged in the IDS.

    Which type of an alert is this?

    A. False positive
    B. False negative
    C. True positive
    D. True negative

  • Question 239:

    What happens when one experiences a ping of death?

    A. This is when an IP datagram is received with the "protocol" field in the IP header set to 1 (ICMP) and the "type" field in the ICMP header is set to 18 (Address Mask Reply).
    B. This is when an IP datagram is received with the "protocol" field in the IP header set to 1 (ICMP), the Last Fragment bit is set, and (IP offset ` 8) + (IP data length) >65535. In other words, the IP offset (which represents the starting position of this fragment in the original packet, and which is in 8-byte units) plus the rest of the packet is greater than the maximum size for an IP packet.
    C. This is when an IP datagram is received with the "protocol" field in the IP header set to 1 (ICMP) and the source equal to destination address.
    D. This is when an the IP header is set to 1 (ICMP) and the "type" field in the ICMP header is set to 5 (Redirect).

  • Question 240:

    According to the CEH methodology, what is the next step to be performed after footprinting?

    A. Enumeration
    B. Scanning
    C. System Hacking
    D. Social Engineering
    E. Expanding Influence

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your EC0-350 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.