412-79 Exam Details

  • Exam Code
    :412-79
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 10, 2026

EC-COUNCIL 412-79 Online Questions & Answers

  • Question 31:

    An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are ______________ media used to store large amounts of data and are not affected by the magnet.

    A. logical
    B. anti-magnetic
    C. magnetic
    D. optical

  • Question 32:

    You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer laB. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a simple backup copy of the hard drive in the PC and put it on this drive and requests that you examine that drive for evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?

    A. Bit-stream Copy
    B. Robust Copy
    C. Full backup Copy
    D. Incremental Backup Copy

  • Question 33:

    Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the axfr and ixfr commands using DIG. What is Simon trying to accomplish here?

    A. Perform a zone transfer
    B. Perform DNS poisoning
    C. Send DOS commands to crash the DNS servers
    D. Enumerate all the users in the domain

  • Question 34:

    Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command.

    What is he testing at this point?

    #include

    #include

    int main(int argc, char *argv[])

    {

    char buffer[10];

    if (argc < 2)

    {

    fprintf(stderr, "USAGE: %s string\n", argv[0]);

    return 1;

    }

    strcpy(buffer, argv[1]);

    return 0;

    }

    A. Buffer overflow
    B. Format string bug
    C. Kernal injection
    D. SQL injection

  • Question 35:

    In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

    A. rules of evidence
    B. law of probability
    C. chain of custody
    D. policy of separation

  • Question 36:

    Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?

    A. Enable tunneling feature on the switch
    B. Trick the switch into thinking it already has a session with Terri's computer
    C. Crash the switch with a DoS attack since switches cannot send ACK bits
    D. Poison the switch's MAC address table by flooding it with ACK bits

  • Question 37:

    You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?

    A. Use attack as a launching point to penetrate deeper into the network
    B. Demonstrate that no system can be protected against DoS attacks
    C. List weak points on their network
    D. Show outdated equipment so it can be replaced

  • Question 38:

    The offset in a hexadecimal code is:

    A. The last byte after the colon
    B. The 0x at the beginning of the code
    C. The 0x at the end of the code
    D. The first byte after the colon

  • Question 39:

    What TCP/UDP port does the toolkit program netstat use?

    A. Port 7
    B. Port 15
    C. Port 23
    D. Port 69

  • Question 40:

    You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data. What method would be most efficient for you to acquire digital evidence from this network?

    A. create a compressed copy of the file with DoubleSpace
    B. create a sparse data copy of a folder or file
    C. make a bit-stream disk-to-image file
    D. make a bit-stream disk-to-disk file

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.