412-79 Exam Details

  • Exam Code: 412-79
  • Exam Name: EC-Council Certified Security Analyst (ECSA)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 232 Q&As
  • Last Updated: May 29, 2026

EC-COUNCIL 412-79 Online Questions & Answers

  • Question 131:

    When examining a hard disk without a write-blocker, you should not start Windows because Windows will write data to the:

    A. Recycle Bin
    B. MSDOS.sys
    C. BIOS
    D. Case files

  • Question 132:

    Jonathan is a network administrator who is currently testing the internal security of his network. He is attempting to hijack a session, using Ettercap, of a user connected to his Web server. Why will Jonathan not succeed?

    A. Only an HTTPS session can be hijacked
    B. Only DNS traffic can be hijacked
    C. Only FTP traffic can be hijacked
    D. HTTP protocol does not maintain session

  • Question 133:

    What is the target host IP in the following command?

    A. Firewalk does not scan target hosts
    B. 172.16.28.95
    C. This command is using FIN packets, which cannot scan target hosts
    D. 10.10.150.1

  • Question 134:

    After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?

    A. IPSEC does not work with packet filtering firewalls
    B. NAT does not work with IPSEC
    C. NAT does not work with stateful firewalls
    D. Stateful firewalls do not work with packet filtering firewalls

  • Question 135:

    A packet is sent to a router that does not have the packet's destination address in its route table. How will the packet get to its proper destination?

    A. Root Internet servers
    B. Border Gateway Protocol
    C. Gateway of last resort
    D. Reverse DNS

  • Question 136:

    Paul's company is in the process of undergoing a complete security audit including logical and physical security testing. After all logical tests were performed, it is now time for the physical round to begin. None of the employees are made aware of this round of testing. The security-auditing firm sends in a technician dressed as an electrician. He waits outside in the lobby for some employees to get to work and follows behind them when they access the restricted areas. After entering the main office, he is able to get into the server room by telling the IT manager that there is a problem with the outlets in that room. What type of attack has the technician performed?

    A. Fuzzing
    B. Tailgating
    C. Man trap attack
    D. Backtrapping

  • Question 137:

    An employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the employee's computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that the employee was in possession of the proprietary information?

    A. EFS uses a 128-bit key that can't be cracked, so you will not be able to recover the information
    B. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information
    C. The EFS Revoked Key Agent can be used on the computer to recover the information
    D. When the encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information

  • Question 138:

    You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company's clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?

    A. Ping sweep
    B. Netcraft
    C. Dig
    D. Nmap

  • Question 139:

    How many bits is the Source Port Number in a TCP header?

    A. 48
    B. 32
    C. 64
    D. 16

  • Question 140:

    What should you do when approached by a reporter about a case that you are working on or have worked on?

    A. Refer the reporter to the attorney that retained you
    B. Say, "no comment"
    C. Answer all the reporter's questions as completely as possible
    D. Answer only the questions that help your case
