412-79V10 Exam Details

  • Exam Code
    :412-79V10
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA) V10
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :201 Q&As
  • Last Updated
    :Jul 03, 2026

EC-COUNCIL 412-79V10 Online Questions & Answers

  • Question 1:

    A penetration test will show you the vulnerabilities in the target system and the risks associated with it. An educated valuation of the risk will be performed so that the vulnerabilities can be reported as High/Medium/Low risk issues.

    What are the two types of `white-box' penetration testing?

    A. Announced testing and blind testing
    B. Blind testing and double blind testing
    C. Blind testing and unannounced testing
    D. Announced testing and unannounced testing

  • Question 2:

    Amazon, an IT based company, conducts a survey on the usage of the Internet. They found that company employees spend most of the time at work surfing the web for their personal use and for inappropriate web site viewing. Management decide to block all such web sites using URL filtering software.

    How can employees continue to see the blocked websites?

    A. Using session hijacking
    B. Using proxy servers
    C. Using authentication
    D. Using encryption

  • Question 3:

    In the example of a /etc/passwd file below, what does the bold letter string indicate? nomad:HrLNrZ3VS3TF2:501:100: Simple Nomad:/home/nomad:/bin/bash

    A. Maximum number of days the password is valid
    B. Group number
    C. GECOS information
    D. User number

  • Question 4:

    Which of the following protocols cannot be used to filter VoIP traffic?

    A. Media Gateway Control Protocol (MGCP)
    B. Real-time Transport Control Protocol (RTCP)
    C. Session Description Protocol (SDP)
    D. Real-Time Publish Subscribe (RTPS)

  • Question 5:

    Which of the following external pen testing tests reveals information on price, usernames and passwords, sessions, URL characters, special instructors, encryption used, and web page behaviors?

    A. Check for Directory Consistency and Page Naming Syntax of the Web Pages
    B. Examine Server Side Includes (SSI)
    C. Examine Hidden Fields
    D. Examine E-commerce and Payment Gateways Handled by the Web Server

  • Question 6:

    Phishing is typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

    Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

    What characteristics do phishing messages often have that may make them identifiable?

    A. Invalid email signatures or contact information
    B. Suspiciously good grammar and capitalization
    C. They trigger warning pop-ups
    D. Suspicious attachments

  • Question 7:

    Which of the following appendices gives detailed lists of all the technical terms used in the report?

    A. Required Work Efforts
    B. References
    C. Research
    D. Glossary

  • Question 8:

    A penetration test consists of three phases: pre-attack phase, attack phase, and post- attack phase.

    Active reconnaissance which includes activities such as network mapping, web profiling, and perimeter mapping is a part which phase(s)?

    A. Post-attack phase
    B. Pre-attack phase and attack phase
    C. Attack phase
    D. Pre-attack phase

  • Question 9:

    What are the 6 core concepts in IT security?

    A. Server management, website domains, firewalls, IDS, IPS, and auditing
    B. Authentication, authorization, confidentiality, integrity, availability, and non-repudiation
    C. Passwords, logins, access controls, restricted domains, configurations, and tunnels
    D. Biometrics, cloud security, social engineering, DoS attack, viruses, and Trojans

  • Question 10:

    Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.

    A. Unannounced Testing
    B. Double Blind Testing
    C. Announced Testing
    D. Blind Testing

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.