412-79 Exam Details

  • Exam Code
    :412-79
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 10, 2026

EC-COUNCIL 412-79 Online Questions & Answers

  • Question 61:

    What will the following URL produce in an unpatched IIS Web Server? http://www.thetargetsite.com/ scripts/.. %co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\

    A. Execute a buffer flow in the C: drive of the web server
    B. Insert a Trojan horse into the C: drive of the web server
    C. Directory listing of the C:\windows\system32 folder on the web server
    D. Directory listing of C: drive on the web server

  • Question 62:

    When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

    A. NIPS
    B. Passive IDS
    C. Progressive IDS
    D. Active IDS

  • Question 63:

    You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacture. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?

    A. the attorney-work-product rule
    B. Good manners
    C. Trade secrets
    D. ISO 17799

  • Question 64:

    You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web

    security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities:

    When you type this and click on search, you receive a pop-up window that says:

    "This is a test."

    What is the result of this test?

    A. Your website is vulnerable to web bugs
    B. Your website is vulnerable to CSS
    C. Your website is not vulnerable
    D. Your website is vulnerable to SQL injection

  • Question 65:

    Which part of the Windows Registry contains the user s password file?

    A. HKEY_LOCAL_MACHINE
    B. HKEY_CURRENT_CONFIGURATION
    C. HKEY_USER
    D. HKEY_CURRENT_USER

  • Question 66:

    An "idle" system is also referred to as what?

    A. PC not being used
    B. PC not connected to the Internet
    C. Bot
    D. Zombie

  • Question 67:

    What happens when a file is deleted by a Microsoft operating system using the FAT file system?

    A. only the reference to the file is removed from the FAT
    B. the file is erased and cannot be recovered
    C. a copy of the file is stored and the original file is erased
    D. the file is erased but can be recovered

  • Question 68:

    In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on "bringing down the Internet". Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally shuts itself down. What will the other routers communicate between themselves?

    A. More RESET packets to the affected router to get it to power back up
    B. RESTART packets to the affected router to get it to power back up
    C. The change in the routing fabric to bypass the affected router
    D. STOP packets to all other routers warning of where the attack originated

  • Question 69:

    Click on the Exhibit Button

    Paulette works for an IT security consulting company that is currently performing an audit for the firm ACE Unlimited. Paulette's duties include logging on to all the company's network equipment to ensure IOS versions are up-to-date and all the other security settings are as stringent as possible. Paulette presents the following screenshot to her boss so he can inform the client about necessary changes need to be made. From the screenshot, what changes should the client company make?

    Exhibit:

    A. The banner should not state "only authorized IT personnel may proceed"
    B. Remove any identifying numbers, names, or version information
    C. The banner should have more detail on the version numbers for the network equipment
    D. The banner should include the Cisco tech support contact information as well

  • Question 70:

    Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to find out if it is a new vulnerability or not?

    A. RIPE
    B. CVE
    C. IANA
    D. APIPA

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.