412-79 Exam Details

  • Exam Code
    :412-79
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 10, 2026

EC-COUNCIL 412-79 Online Questions & Answers

  • Question 221:

    Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On these laptops contained sensitive corporate information regarding patents and company strategies. A month after the laptops were stolen, a competing company was found to have just developed products that almost exactly duplicated products that Meyer produces. What could have prevented this information from being stolen from the laptops?

    A. SDW Encryption
    B. EFS Encryption
    C. DFS Encryption
    D. IPS Encryption

  • Question 222:

    The newer Macintosh Operating System is based on:

    A. OS/2
    B. BSD Unix
    C. Linux
    D. Microsoft Windows

  • Question 223:

    What is a good security method to prevent unauthorized users from "tailgating"?

    A. Electronic key systems
    B. Man trap
    C. Pick-resistant locks
    D. Electronic combination locks

  • Question 224:

    What does mactime, an essential part of the coroner s toolkit do?

    A. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps
    B. It can recover deleted file space and search it for datA. However, it does not allow the investigator t preview them
    C. The tools scans for i-node information, which is used by other tools in the tool kit
    D. It is tool specific to the MAC OS and forms a core component of the toolkit

  • Question 225:

    Which of the following filesystem is used by Mac OS X?

    A. EFS
    B. HFS+
    C. EXT2
    D. NFS

  • Question 226:

    You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank security defenses are very strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London. After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the traffic and extract usernames and passwords. What tool could you use to get this information?

    A. RaidSniff
    B. Snort
    C. Ettercap
    D. Airsnort

  • Question 227:

    After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

    A. RestrictAnonymous must be set to "2" for complete security
    B. RestrictAnonymous must be set to "3" for complete security
    C. There is no way to always prevent an anonymous null session from establishing
    D. RestrictAnonymous must be set to "10" for complete security

  • Question 228:

    You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firms employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will.

    What do you do?

    A. Inform the owner that conducting an investigation without a policy is not a problem because the company is privately owned
    B. Inform the owner that conducting an investigation without a policy is a violation of the 4th amendment
    C. Inform the owner that conducting an investigation without a policy is a violation of the employees expectation of privacy
    D. Inform the owner that conducting an investigation without a policy is not a problem because a policy is only necessary for government agencies

  • Question 229:

    Software firewalls work at which layer of the OSI model?

    A. Transport
    B. Application
    C. Network
    D. Data Link

  • Question 230:

    You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

    A. Metamorphic
    B. Oligomorhic
    C. Polymorphic
    D. Transmorphic

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.