EC0-350 Exam Details

  • Exam Code
    :EC0-350
  • Exam Name
    :Ethical Hacking And Countermeasures (CEH)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :878 Q&As
  • Last Updated
    :Jul 07, 2026

EC-COUNCIL EC0-350 Online Questions & Answers

  • Question 851:

    Attackers target HINFO record types stored on a DNS server to enumerate information. These are information records and potential source for reconnaissance. A network administrator has the option of entering host information specifically the CPU type and operating system when creating a new DNS record. An attacker can extract this type of information easily from a DNS server.

    Which of the following commands extracts the HINFO record?

    A. Option A
    B. Option B
    C. Option C
    D. Option D

  • Question 852:

    During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?

    A. The web application does not have the secure flag set.
    B. The session cookies do not have the HttpOnly flag set.
    C. The victim user should not have an endpoint security solution.
    D. The victim's browser must have ActiveX technology enabled.

  • Question 853:

    Lee is using Wireshark to log traffic on his network. He notices a number of packets being directed to an internal IP from an outside IP where the packets are ICMP and their size is around 65, 536 bytes. What is Lee seeing here?

    A. Lee is seeing activity indicative of a Smurf attack.
    B. Most likely, the ICMP packets are being sent in this manner to attempt IP spoofing.
    C. Lee is seeing a Ping of death attack.
    D. This is not unusual traffic, ICMP packets can be of any size.

  • Question 854:

    A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

    A. Use port security on his switches.
    B. Use a tool like ARPwatch to monitor for strange ARP activity.
    C. Use a firewall between all LAN segments.
    D. If you have a small network, use static ARP entries.
    E. Use only static IP addresses on all PC's.

  • Question 855:

    A client has approached you with a penetration test requirements. They are concerned with the possibility of external threat, and have invested considerable resources in protecting their Internet exposure. However, their main concern is the possibility of an employee elevating his/her privileges and gaining access to information outside of their respective department.

    What kind of penetration test would you recommend that would best address the client's concern?

    A. A Black Box test
    B. A Black Hat test
    C. A Grey Box test
    D. A Grey Hat test
    E. A White Box test
    F. A White Hat test

  • Question 856:

    What does the following command in netcat do?

    nc -l -u -p55555 < /etc/passwd

    A. logs the incoming connections to /etc/passwd file
    B. loads the /etc/passwd file to the UDP port 55555
    C. grabs the /etc/passwd file when connected to UDP port 55555
    D. deletes the /etc/passwd file when connected to the UDP port 55555

  • Question 857:

    In Buffer Overflow exploit, which of the following registers gets overwritten with return address of the exploit code?

    A. EEP
    B. ESP
    C. EAP
    D. EIP

  • Question 858:

    Study the snort rule given below and interpret the rule.

    alert tcp any any --> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msG. "mountd access";)

    A. An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111
    B. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet
    C. An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet
    D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

  • Question 859:

    Which of the following cryptography attack methods is usually performed without the use of a computer?

    A. Ciphertext-only attack
    B. Chosen key attack
    C. Rubber hose attack
    D. Rainbow table attack

  • Question 860:

    There is a WEP encrypted wireless access point (AP) with no clients connected. In order to crack the WEP key, a fake authentication needs to be performed. What information is needed when performing fake authentication to an AP? (Choose two.)

    A. The IP address of the AP
    B. The MAC address of the AP
    C. The SSID of the wireless network
    D. A failed authentication packet

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your EC0-350 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.