412-79V10 Exam Details

  • Exam Code
    :412-79V10
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA) V10
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :201 Q&As
  • Last Updated
    :Jul 03, 2026

EC-COUNCIL 412-79V10 Online Questions & Answers

  • Question 131:

    A Demilitarized Zone (DMZ) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. Usage of a protocol within a DMZ environment is highly variable based on the specific needs of an organization. Privilege escalation, system is compromised when the code runs under root credentials, and DoS attacks are the basic weakness of which one of the following Protocol?

    A. Lightweight Directory Access Protocol (LDAP)
    B. Simple Network Management Protocol (SNMP)
    C. Telnet
    D. Secure Shell (SSH)

  • Question 132:

    A penetration tester performs OS fingerprinting on the target server to identify the operating system used on the target server with the help of ICMP packets.

    While performing ICMP scanning using Nmap tool, message received/type displays "3 ?Destination Unreachable[5]" and code 3. Which of the following is an appropriate description of this response?

    A. Destination port unreachable
    B. Destination host unavailable
    C. Destination host unreachable
    D. Destination protocol unreachable

  • Question 133:

    Packet filtering firewalls are usually a part of a router. In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded.

    Depending on the packet and the criteria, the firewall can:

    i)Drop the packet

    ii)Forward it or send a message to the originator

    At which level of the OSI model do the packet filtering firewalls work?

    A. Application layer
    B. Physical layer
    C. Transport layer
    D. Network layer

  • Question 134:

    Besides the policy implications of chat rooms, Internet Relay Chat (IRC) is frequented by attackers and used as a command and control mechanism. IRC normally uses which one of the following TCP ports?

    A. 6566 TCP port
    B. 6771 TCP port
    C. 6667 TCP port
    D. 6257 TCP port

  • Question 135:

    A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs.

    The goal of this attack is to order an application to access a computer file that is not intended to be accessible. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code.

    To perform a directory traversal attack, which sequence does a pen tester need to follow to manipulate variables of reference files?

    A. dot-dot-slash (../) sequence
    B. Denial-of-Service sequence
    C. Brute force sequence
    D. SQL Injection sequence

  • Question 136:

    Which one of the following 802.11 types uses either FHSS or DSSS for modulation?

    A. 802.11b
    B. 802.11a
    C. 802.11n
    D. 802.11-Legacy

  • Question 137:

    Identify the port numbers used by POP3 and POP3S protocols.

    A. 113 and 981
    B. 111 and 982
    C. 110 and 995
    D. 109 and 973

  • Question 138:

    What is a difference between host-based intrusion detection systems (HIDS) and network- based intrusion detection systems (NIDS)?

    A. NIDS are usually a more expensive solution to implement compared to HIDS.
    B. Attempts to install Trojans or backdoors cannot be monitored by a HIDS whereas NIDS can monitor and stop such intrusion events.
    C. NIDS are standalone hardware appliances that include network intrusion detection capabilities whereas HIDS consist of software agents installed on individual computers within the system.
    D. HIDS requires less administration and training compared to NIDS.

  • Question 139:

    Windows stores user passwords in the Security Accounts Manager database (SAM), or in the Active Directory database in domains. Passwords are never stored in clear text; passwords are hashed and the results are stored in the SAM. NTLM and LM authentication protocols are used to securely store a user's password in the SAM database using different hashing methods.

    The SAM file in Windows Server 2008 is located in which of the following locations?

    A. c:\windows\system32\config\SAM
    B. c:\windows\system32\drivers\SAM
    C. c:\windows\system32\Setup\SAM
    D. c:\windows\system32\Boot\SAM

  • Question 140:

    Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the weakest levels of security, thus making them the prime target for malicious activity from system administrators, DBAs, contractors, consultants, partners, and customers.

    Which of the following flaws refers to an application using poorly written encryption code to securely encrypt and store sensitive data in the database and allows an attacker to steal or modify weakly protected data such as credit card numbers, SSNs, and other authentication credentials?

    A. SSI injection attack
    B. Insecure cryptographic storage attack
    C. Hidden field manipulation attack
    D. Man-in-the-Middle attack

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.