Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

EC0-350 ECCouncil Ethical Hacking and Countermeasures V8 Free Practice Exam Questions (2025 Updated)

Prepare effectively for your ECCouncil EC0-350 Ethical Hacking and Countermeasures V8 certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

ECCouncil EC0-350 Premium Access     Download Demo    
Page: 2 / 7
Total 878 questions

What is "Hacktivism"?

A.

Hacking for a cause

B.

Hacking ruthlessly

C.

An association which groups activists

D.

None of the above

What port scanning method involves sending spoofed packets to a target system and then looking for adjustments to the IPID on a zombie system?

A.

Blind Port Scanning

B.

Idle Scanning

C.

Bounce Scanning

D.

Stealth Scanning

E.

UDP Scanning

Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic?

A.

Network aliasing

B.

Domain Name Server (DNS) poisoning

C.

Reverse Address Resolution Protocol (ARP)

D.

Port scanning

What are the default passwords used by SNMP? (Choose two.)

A.

Password

B.

SA

C.

Private

D.

Administrator

E.

Public

F.

Blank

A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?

A.

IP Security (IPSEC)

B.

Multipurpose Internet Mail Extensions (MIME)

C.

Pretty Good Privacy (PGP)

D.

Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)

Sandra is the security administrator of XYZ.com. One day she notices that the XYZ.com Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately.

Which organization coordinates computer crime investigations throughout the United States?

A.

NDCA

B.

NICP

C.

CIRP

D.

NPC

E.

CIA

Your XYZ trainee Sandra asks you which are the four existing Regional Internet Registry (RIR's)?

A.

APNIC, PICNIC, ARIN, LACNIC

B.

RIPE NCC, LACNIC, ARIN, APNIC

C.

RIPE NCC, NANIC, ARIN, APNIC

D.

RIPE NCC, ARIN, APNIC, LATNIC

Bob is acknowledged as a hacker of repute and is popular among visitors of “underground” sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.

In this context, what would be the most affective method to bridge the knowledge gap between the “black” hats or crackers and the “white” hats or computer security professionals? (Choose the test answer)

A.

Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.

B.

Hire more computer security monitoring personnel to monitor computer systems and networks.

C.

Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.

D.

Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.

Exhibit

(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? Choose the best answer.

A.

This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B.

This is back orifice activity as the scan comes form port 31337.

C.

The attacker wants to avoid creating a sub-carries connection that is not normally valid.

D.

These packets were crafted by a tool, they were not created by a standard IP stack.

What does a type 3 code 13 represent?(Choose two.

A.

Echo request

B.

Destination unreachable

C.

Network unreachable

D.

Administratively prohibited

E.

Port unreachable

F.

Time exceeded

What type of port scan is shown below?

A.

Idle Scan

B.

Windows Scan

C.

XMAS Scan

D.

SYN Stealth Scan

The following excerpt is taken from a honeyput log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. Study the log given below and answer the following question:

(Note: The objective of this questions is to test whether the student has learnt about passive OS fingerprinting (which should tell them the OS from log captures): can they tell a SQL injection attack signature; can they infer if a user ID has been created by an attacker and whether they can read plain source – destination entries from log entries.)

What can you infer from the above log?

A.

The system is a windows system which is being scanned unsuccessfully.

B.

The system is a web application server compromised through SQL injection.

C.

The system has been compromised and backdoored by the attacker.

D.

The actual IP of the successful attacker is 24.9.255.53.

You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems and after scanning each of them you notice that they all show port 21 in closed state.

What should be the next logical step that should be performed?

A.

Connect to open ports to discover applications.

B.

Perform a ping sweep to identify any additional systems that might be up.

C.

Perform a SYN scan on port 21 to identify any additional systems that might be up.

D.

Rescan every computer to verify the results.

An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts.

A.

2

B.

256

C.

512

D.

Over 10, 000

While investigating a claim of a user downloading illegal material, the investigator goes through the files on the suspect's workstation. He comes across a file that is just called "file.txt" but when he opens it, he finds the following:

What can he infer from this file?

A.

A picture that has been renamed with a .txt extension

B.

An encrypted file

C.

An encoded file

D.

A buffer overflow

Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test. While conducting a port scan she notices open ports in the range of 135 to 139. What protocol is most likely to be listening on those ports?

A.

Finger

B.

FTP

C.

Samba

D.

SMB

One of your team members has asked you to analyze the following SOA record. What is the version?

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600

3600 604800 2400.

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800

__________ is found in all versions of NTFS and is described as the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer

A.

Alternate Data Streams

B.

Merge Streams

C.

Steganography

D.

NetBIOS vulnerability

What does the term “Ethical Hacking” mean?

A.

Someone who is hacking for ethical reasons.

B.

Someone who is using his/her skills for ethical reasons.

C.

Someone who is using his/her skills for defensive purposes.

D.

Someone who is using his/her skills for offensive purposes.

Bob has been hired to perform a penetration test on XYZ.com. He begins by looking at IP address ranges owned by the company and details of domain name registration. He then goes to News Groups and financial web sites to see if they are leaking any sensitive information of have any technical details online.

Within the context of penetration testing methodology, what phase is Bob involved with?

A.

Passive information gathering

B.

Active information gathering

C.

Attack phase

D.

Vulnerability Mapping

At a Windows Server command prompt, which command could be used to list the running services?

A.

Sc query type= running

B.

Sc query \\servername

C.

Sc query

D.

Sc config

Which of the following is an automated vulnerability assessment tool?

A.

Whack a Mole

B.

Nmap

C.

Nessus

D.

Kismet

E.

Jill32

The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?

A.

An attacker, working slowly enough, can evade detection by the IDS.

B.

Network packets are dropped if the volume exceeds the threshold.

C.

Thresholding interferes with the IDS’ ability to reassemble fragmented packets.

D.

The IDS will not distinguish among packets originating from different sources.

What flags are set in a X-MAS scan?(Choose all that apply.

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

URG

Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by and IDS?

A.

SYN scan

B.

ACK scan

C.

RST scan

D.

Connect scan

E.

FIN scan

What are two things that are possible when scanning UDP ports? (Choose two.

A.

A reset will be returned

B.

An ICMP message will be returned

C.

The four-way handshake will not be completed

D.

An RFC 1294 message will be returned

E.

Nothing

Which property ensures that a hash function will not produce the same hashed value for two different messages?

A.

Collision resistance

B.

Bit length

C.

Key strength

D.

Entropy

Which of the following descriptions is true about a static NAT?

A.

A static NAT uses a many-to-many mapping.

B.

A static NAT uses a one-to-many mapping.

C.

A static NAT uses a many-to-one mapping.

D.

A static NAT uses a one-to-one mapping.

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

A.

RSA 1024 bit strength

B.

AES 1024 bit strength

C.

RSA 512 bit strength

D.

AES 512 bit strength

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

A.

 Restore a random file.

B.

Perform a full restore.

C.

Read the first 512 bytes of the tape.

D.

Read the last 512 bytes of the tape.

Which of the following business challenges could be solved by using a vulnerability scanner?

A.

Auditors want to discover if all systems are following a standard naming convention.

B.

A web server was compromised and management needs to know if any further systems were compromised.

C.

There is an emergency need to remove administrator access from multiple machines for an employee that quit.

D.

There is a monthly requirement to test corporate compliance with host application usage and security policies.

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

A.

Metasploit scripting engine

B.

Nessus scripting engine

C.

NMAP scripting engine

D.

SAINT scripting engine

Fingerprinting VPN firewalls is possible with which of the following tools?

A.

Angry IP

B.

Nikto

C.

Ike-scan

D.

Arp-scan

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

A.

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

B.

CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

C.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

D.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

A.

An extensible security framework named COBIT

B.

A list of flaws and how to fix them

C.

Web application patches

D.

A security certification for hardened web applications

WPA2 uses AES for wireless data encryption at which of the following encryption levels?

A.

64 bit and CCMP

B.

128 bit and CRC

C.

128 bit and CCMP

D.

128 bit and TKIP

An NMAP scan of a server shows port 25 is open.  What risk could this pose?

A.

Open printer sharing

B.

Web portal data leak

C.

Clear text authentication

D.

Active mail relay

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

A.

The root CA is the recovery agent used to encrypt data when a user's certificate is lost.

B.

The root CA stores the user's hash value for safekeeping.

C.

The CA is the trusted root that issues certificates.

D.

The root CA is used to encrypt email messages to prevent unintended disclosure of data.

Which of the following techniques will identify if computer files have been changed?

A.

Network sniffing

B.

Permission sets

C.

Integrity checking hashes

D.

Firewall alerts

The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?

A.

Asymmetric

B.

Confidential

C.

Symmetric

D.

Non-confidential

ECCouncil EC0-350 Premium Access     Download Demo    
Page: 2 / 7
Total 878 questions
Copyright © 2014-2025 Solution2Pass. All Rights Reserved