412-79 Exam Details

  • Exam Code
    :412-79
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 10, 2026

EC-COUNCIL 412-79 Online Questions & Answers

  • Question 41:

    George is performing security analysis for Hammond and Sons LLC. He is testing security vulnerabilities of their wireless network. He plans on remaining as "stealthy" as possible during the scan. Why would a scanner like Nessus is not recommended in this situation?

    A. Nessus is too loud
    B. There are no ways of performing a "stealthy" wireless scan
    C. Nessus cannot perform wireless testing
    D. Nessus is not a network scanner

  • Question 42:

    Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area, records the scene using visual mediA. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any. What do you think would be the next sequence of events?

    A. Connect the target media; prepare the system for acquisition; Secure the evidence; Copy the media
    B. Prepare the system for acquisition; Connect the target media; copy the media; Secure the evidence
    C. Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media
    D. Secure the evidence; prepare the system for acquisition; Connect the target media; copy the media

  • Question 43:

    Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?

    A. The manufacturer of the system compromised
    B. The logic, formatting and elegance of the code used in the attack
    C. The nature of the attack
    D. The vulnerability exploited in the incident

  • Question 44:

    Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best of your knowledge, an outside security firm is brought in to assess the network security. Although they found very few issues, they were able to enumerate the model, OS version, and capabilities for all your Cisco routers with very little effort. Which feature will you disable to eliminate the ability to enumerate this information on your Cisco routers?

    A. Simple Network Management Protocol
    B. Broadcast System Protocol
    C. Cisco Discovery Protocol
    D. Border Gateway Protocol

  • Question 45:

    An "idle" system is also referred to as what?

    A. Zombie
    B. PC not being used
    C. Bot
    D. PC not connected to the Internet

  • Question 46:

    You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet. What search string will you use to locate them?

    A. intitle:"exchange server"
    B. outlook:"search"
    C. locate:"logon page"
    D. allinurl:"exchange/logon.asp"

  • Question 47:

    The ____________________ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.

    A. Locard Exchange Principle
    B. Clark Standard
    C. Kelly Policy
    D. Silver-Platter Doctrine

  • Question 48:

    Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?

    A. Poison the switch's MAC address table by flooding it with ACK bits
    B. Enable tunneling feature on the switch
    C. Trick the switch into thinking it already has a session with Terri's computer
    D. Crash the switch with a DoS attack since switches cannot send ACK bits

  • Question 49:

    Study the log given below and answer the following question: Apr 24 14:46:46 [4663]: spp_portscan:

    portscan detected from 194.222.156.169 Apr 24 14:46:46 [4663]: IDS27/FIN Scan:

    194.222.156.169:56693 -> 172.16.1.107:482 Apr 24 18:01:05 [4663]: IDS/DNS-version-query:

    212.244.97.121:3485 -> 172.16.1.107:53 Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval:

    194.222.156.169:1425 -> 172.16.1.107:21 Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53 Apr 25 02:08:07

    [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53 Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111 Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard:

    198.173.35.164:4221 -> 172.16.1.107:80 Apr 26

    05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53 Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53 Apr 26 06:44:25 victim7 PAM_pwdb [12509]: (login) session opened for

    user simple by (uid=0) Apr 26 06:44:36 victim7 PAM_pwdb[12521]:

    (su) session opened for user simon by simple(uid=506) Apr 26 06:45:34 [6283]: IDS175/socks-probe:

    24.112.167.35:20 -> 172.16.1.107:1080 Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect:

    172.16.1.107:23

    -> 213.28.22.189:4558 Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

    A. Disallow UDP53 in from outside to DNS server
    B. Allow UDP53 in from DNS server to outside
    C. Disallow TCP53 in from secondaries or ISP server to DNS server
    D. Block all UDP traffic

  • Question 50:

    What does the superblock in Linux define?

    A. filesynames
    B. diskgeometr
    C. location of the firstinode
    D. available space

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.