Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. EC0-350

EC-Council EC0-350 Exam Questions
Ethical Hacking and Countermeasures (Page 20 )

Updated On: 17-Feb-2026
Page 20 of 153
PDF with 878 Questions

What happens when one experiences a ping of death?

  1. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the “type” field in the ICMP header is set to 18 (Address Mask Reply).
  2. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP), the Last Fragment bit is set, and (IP offset ‘ 8) + (IP data length) >65535.
    In other words, the IP offset (which represents the starting position of this fragment in the original packet, and which is in 8-byte units) plus the rest of the packet is greater than the maximum size for an IP packet.
  3. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the source equal to destination address.
  4. This is when an the IP header is set to 1 (ICMP) and the “type” field in the ICMP header is set to 5 (Redirect).

Answer(s): B

Explanation:

A hacker can send an IP packet to a vulnerable machine such that the last fragment contains an offest where (IP offset *8) + (IP data length)>65535. This means that when the packet is reassembled, its total length is larger than the legal limit, causing buffer overruns in the machine's OS (becouse the buffer sizes are defined only to accomodate the maximum allowed size of the packet based on RFC 791)...IDS can generally recongize such attacks by looking for packet fragments that have the IP header's protocol field set to 1 (ICMP), the last bit set, and (IP offset *8) +(IP data length)>65535" CCIE Professional Development Network Security Principles and Practices by Saadat Malik pg 414 "Ping of Death" attacks cause systems to react in an unpredictable fashion when receiving oversized IP packets. TCP/IP allows for a maximum packet size of up to 65536 octets (1 octet = 8 bits of data), containing a minimum of 20 octets of IP header information and zero or more octets of optional information, with the rest of the packet being datA. Ping of Death attacks can cause crashing, freezing, and rebooting.



Samantha was hired to perform an internal security test of company. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing.
Which of the following techniques can she use to gather information from the switched network or to disable some of the traffic isolation features of the switch? (Choose two)

  1. Ethernet Zapping
  2. MAC Flooding
  3. Sniffing in promiscuous mode
  4. ARP Spoofing

Answer(s): B,D

Explanation:

In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table.The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack).



A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) then it was intended to hold.
What is the most common cause of buffer overflow in software today?

  1. Bad permissions on files.
  2. High bandwidth and large number of users.
  3. Usage of non standard programming languages.
  4. Bad quality assurance on software produced.

Answer(s): D

Explanation:

Technically, a buffer overflow is a problem with the program's internal implementation.



Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

  1. To determine who is the holder of the root account
  2. To perform a DoS
  3. To create needless SPAM
  4. To illicit a response back that will reveal information about email servers and how they treat undeliverable mail
  5. To test for virus protection

Answer(s): D

Explanation:

Sending a bogus email is one way to find out more about internal servers. Also, to gather additional IP addresses and learn how they treat mail.



Pandora is used to attack __________ network operating systems.

  1. Windows
  2. UNIX
  3. Linux
  4. Netware
  5. MAC OS

Answer(s): D

Explanation:

While there are not lots of tools available to attack Netware, Pandora is one that can be used.






Post your Comments and Discuss EC-Council EC0-350 exam dumps with other Community members:

Join the EC0-350 Discussion