412-79 Exam Details

  • Exam Code: 412-79
  • Exam Name: EC-Council Certified Security Analyst (ECSA)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 232 Q&As
  • Last Updated: May 29, 2026

EC-COUNCIL 412-79 Online Questions & Answers

  • Question 101:

    In conducting a computer abuse investigation, you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you with assistance in your investigation. What assistance can the ISP provide?

    A. The ISP can investigate anyone using their service and can provide you with assistance
    B. The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant
    C. The ISP can't conduct any type of investigation on anyone and therefore can't assist you
    D. ISPs never maintain log files, so they would be of no use to your investigation

  • Question 102:

    After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks. What countermeasures could he take to prevent DDoS attacks?

    A. Enable BGP
    B. Disable BGP
    C. Enable direct broadcasts
    D. Disable direct broadcasts

  • Question 103:

    What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts behind the router are effectively disabled?

    A. digital attack
    B. denial of service
    C. physical attack
    D. ARP redirect

  • Question 104:

    Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?

    A. A disk imaging tool would check CRC32s for internal self-checking and validation and have an MD5 checksum
    B. Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file
    C. A simple DOS copy will not include deleted files, file slack and other information
    D. There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector

  • Question 105:

    Which Intrusion Detection System (IDS) usually produces the most false alarms due to the unpredictable behaviors of users and networks?

    A. network-based IDS systems (NIDS)
    B. host-based IDS systems (HIDS)
    C. anomaly detection
    D. signature recognition

  • Question 106:

    You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?

    A. Enumerate domain user accounts and built-in groups
    B. Establish a remote connection to the Domain Controller
    C. Poison the DNS records with false records
    D. Enumerate MX and A records from DNS

  • Question 107:

    You are assigned to work in the computer forensics lab of a state police agency. While working on a high-profile criminal case, you have followed every applicable procedure; however, your boss is still concerned that the defense attorney might question whether evidence has been changed while at the lab. What can you do to prove that the evidence is the same as it was when it first entered the lab?

    A. make an MD5 hash of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab
    B. make an MD5 hash of the evidence and compare it to the standard database developed by NIST
    C. there is no reason to worry about this possible claim because state labs are certified
    D. sign a statement attesting that the evidence is the same as it was when it entered the lab

  • Question 108:

    Which response organization tracks hoaxes as well as viruses?

    A. NIPC
    B. FEDCIRC
    C. CERT
    D. CIAC

  • Question 109:

    What does ICMP Type 3/Code 13 mean?

    A. Host Unreachable
    B. Port Unreachable
    C. Protocol Unreachable
    D. Administratively Blocked

  • Question 110:

    As a CHFI professional, which of the following is the most important to your professional reputation?

    A. Your Certifications
    B. The correct, successful management of each and every case
    C. The fee that you charge
    D. The friendship of local law enforcement officers

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 412-79 exam preparation and EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions here.