EC0-350 Exam Details

  • Exam Code
    :EC0-350
  • Exam Name
    :Ethical Hacking And Countermeasures (CEH)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :878 Q&As
  • Last Updated
    :Jul 15, 2026

EC-COUNCIL EC0-350 Online Questions & Answers

  • Question 241:

    Kevin has been asked to write a short program to gather user input for a web application. He likes to keep his code neat and simple. He chooses to use printf(str) where he should have ideally used printf(?s? str). What attack will his program expose the web application to?

    A. Cross Site Scripting
    B. SQL injection Attack
    C. Format String Attack
    D. Unicode Traversal Attack

  • Question 242:

    What type of attack is shown in the following diagram?

    A. Man-in-the-Middle (MiTM) Attack
    B. Session Hijacking Attack
    C. SSL Spoofing Attack
    D. Identity Stealing Attack

  • Question 243:

    Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

    A. Fast processor to help with network traffic analysis
    B. They must be dual-homed
    C. Similar RAM requirements
    D. Fast network interface cards

  • Question 244:

    Bob has been hired to do a web application security test. Bob notices that the site is dynamic and must make use of a back end database. Bob wants to see if SQL Injection would be possible. What is the first character that Bob should use to attempt breaking valid SQL request?

    A. Semi Column
    B. Double Quote
    C. Single Quote
    D. Exclamation Mark

  • Question 245:

    Henry is an attacker and wants to gain control of a system and use it to flood a target system with requests, so as to prevent legitimate users from gaining access. What type of attack is Henry using?

    A. Henry is executing commands or viewing data outside the intended target path
    B. Henry is using a denial of service attack which is a valid threat used by an attacker
    C. Henry is taking advantage of an incorrect configuration that leads to access with higher- than-expected privilege
    D. Henry uses poorly designed input validation routines to create or alter commands to gain access to unintended data or execute commands

  • Question 246:

    Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

    A. Overloading Port Address Translation
    B. Dynamic Port Address Translation
    C. Dynamic Network Address Translation
    D. Static Network Address Translation

  • Question 247:

    John has scanned the web server with NMAP. However, he could not gather enough information to help him identify the operating system running on the remote host accurately.

    What would you suggest to John to help identify the OS that is being used on the remote web server?

    A. Connect to the web server with a browser and look at the web page.
    B. Connect to the web server with an FTP client.
    C. Telnet to port 8080 on the web server and look at the default page code.
    D. Telnet to an open port and grab the banner.

  • Question 248:

    You have just received an assignment for an assessment at a company site. Company's management is concerned about external threat and wants to take appropriate steps to insure security is in place. Anyway the management is also worried about possible threats coming from inside the site, specifically from employees belonging to different Departments. What kind of assessment will you be performing ?

    A. Black box testing
    B. Black hat testing
    C. Gray box testing
    D. Gray hat testing
    E. White box testing
    F. White hat testing

  • Question 249:

    Melissa is a virus that attacks Microsoft Windows platforms. To which category does this virus belong?

    A. Polymorphic
    B. Boot Sector infector
    C. System
    D. Macro

  • Question 250:

    A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

    A. Perform a dictionary attack.
    B. Perform a brute force attack.
    C. Perform an attack with a rainbow table.
    D. Perform a hybrid attack.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your EC0-350 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.