EC0-350 Exam Details

  • Exam Code
    :EC0-350
  • Exam Name
    :Ethical Hacking And Countermeasures (CEH)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :878 Q&As
  • Last Updated
    :Jul 07, 2026

EC-COUNCIL EC0-350 Online Questions & Answers

  • Question 71:

    A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in.

    What do you think is the most likely reason behind this?

    A. There is a NIDS present on that segment.
    B. Kerberos is preventing it.
    C. Windows logons cannot be sniffed.
    D. L0phtcrack only sniffs logons to web servers.

  • Question 72:

    What statement is true regarding LM hashes?

    A. LM hashes consist in 48 hexadecimal characters.
    B. LM hashes are based on AES128 cryptographic standard.
    C. Uppercase characters in the password are converted to lowercase.
    D. LM hashes are not generated when the password length exceeds 15 characters.

  • Question 73:

    This tool is widely used for ARP Poisoning attack. Name the tool.

    A. Cain and Able
    B. Beat Infector
    C. Poison Ivy
    D. Webarp Infector

  • Question 74:

    You have been called to investigate a sudden increase in network traffic at XYZ. It seems that the traffic generated was too heavy that normal business functions could no longer be rendered to external employees and clients. After a quick investigation, you find that the computer has services running attached to TFN2k and Trinoo software. What do you think was the most likely cause behind this sudden increase in traffic?

    A. A distributed denial of service attack.
    B. A network card that was jabbering.
    C. A bad route on the firewall.
    D. Invalid rules entry at the gateway.

  • Question 75:

    An attacker finds a web page for a target organization that supplies contact information for the company. Using available details to make the message seem authentic, the attacker drafts e-mail to an employee on the contact page that

    appears to come from an individual who might reasonably request confidential information, such as a network administrator.

    The email asks the employee to log into a bogus page that requests the employee's user name and password or click on a link that will download spyware or other malicious programming.

    Google's Gmail was hacked using this technique and attackers stole source code and sensitive data from Google servers. This is highly sophisticated attack using zero-day exploit vectors, social engineering and malware websites that

    focused on targeted individuals working for the company.

    What is this deadly attack called?

    A. Spear phishing attack
    B. Trojan server attack
    C. Javelin attack
    D. Social networking attack

  • Question 76:

    Name two software tools used for OS guessing? (Choose two.

    A. Nmap
    B. Snadboy
    C. Queso
    D. UserInfo
    E. NetBus

  • Question 77:

    After studying the following log entries, how many user IDs can you identify that the attacker has tampered with?

    1.mkdir -p /etc/X11/applnk/Internet/.etc

    2.mkdir -p /etc/X11/applnk/Internet/.etcpasswd

    3.touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd

    4.touch -acmr /etc /etc/X11/applnk/Internet/.etc

    5.passwd nobody -d

    6./usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash

    7.passwd dns -d

    8.touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd

    9.

    touch -acmr /etc/X11/applnk/Internet/.etc /etc

    A. IUSR_
    B. acmr, dns
    C. nobody, dns
    D. nobody, IUSR_

  • Question 78:

    What is the disadvantage of an automated vulnerability assessment tool?

    A. Ineffective
    B. Slow
    C. Prone to false positives
    D. Prone to false negatives
    E. Noisy

  • Question 79:

    In the following example, which of these is the "exploit"?

    Today, Microsoft Corporation released a security notice. It detailed how a person could bring down the Windows 2003 Server operating system, by sending malformed packets to it. They detailed how this malicious process had been

    automated using basic scripting. Even worse, the new automated method for bringing down the server has already been used to perform denial of service attacks on many large commercial websites.

    Select the best answer.

    A. Microsoft Corporation is the exploit.
    B. The security "hole" in the product is the exploit.
    C. Windows 2003 Server
    D. The exploit is the hacker that would use this vulnerability.
    E. The documented method of how to use the vulnerability to gain unprivileged access.

  • Question 80:

    You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?

    A. The zombie you are using is not truly idle.
    B. A stateful inspection firewall is resetting your queries.
    C. Hping2 cannot be used for idle scanning.
    D. These ports are actually open on the target system.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your EC0-350 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.