1. Home
  2. EC-COUNCIL
  3. 412-79V10

EC-Council Certified Security Analyst (ECSA) V10

Exam Details

  • Exam Code
    :412-79V10
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA) V10
  • Certification
    :ECSA
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :201 Q&As
  • Last Updated
    :May 17, 2024

EC-COUNCIL ECSA 412-79V10 Questions & Answers

  • Question 161:

    Which of the following defines the details of services to be provided for the client's organization and the list of services required for performing the test in the organization?

    A. Draft

    B. Report

    C. Requirement list

    D. Quotation

  • Question 162:

    Application security assessment is one of the activity that a pen tester performs in the attack phase. It is designed to identify and assess threats to the organization through bespoke, proprietary applications or systems. It checks the application so that a malicious user cannot access, modify, or destroy data or services within the system.

    Identify the type of application security assessment which analyzes the application-based code to confirm that it does not contain any sensitive information that an attacker might use to exploit an application.

    A. Web Penetration Testing

    B. Functionality Testing

    C. Authorization Testing

    D. Source Code Review

  • Question 163:

    Which one of the following scans starts, but does not complete the TCP handshake sequence for each port selected, and it works well for direct scanning and often works well through firewalls?

    A. SYN Scan

    B. Connect() scan

    C. XMAS Scan

    D. Null Scan

  • Question 164:

    Wireless communication allows networks to extend to places that might otherwise go untouched by the wired networks. When most people say `Wireless' these days, they are referring to one of the 802.11 standards. There are three main 802.11 standards: B, A, and

    A. Which one of the following 802.11 types uses DSSS Modulation, splitting the 2.4ghz band into channels?

    B. 802.11b

    C. 802.11g

    D. 802.11-Legacy

    E. 802.11n

  • Question 165:

    Which of the following protocols cannot be used to filter VoIP traffic?

    A. Media Gateway Control Protocol (MGCP)

    B. Real-time Transport Control Protocol (RTCP)

    C. Session Description Protocol (SDP)

    D. Real-Time Publish Subscribe (RTPS)

  • Question 166:

    Which of the following is an application alert returned by a web application that helps an attacker guess a valid username?

    A. Invalid username or password

    B. Account username was not found

    C. Incorrect password

    D. Username or password incorrect

  • Question 167:

    An attacker injects malicious query strings in user input fields to bypass web service authentication mechanisms and to access back-end databases. Which of the following attacks is this?

    A. Frame Injection Attack

    B. LDAP Injection Attack

    C. XPath Injection Attack

    D. SOAP Injection Attack

  • Question 168:

    Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.

    A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.

    Which of the following vulnerability assessment technique is used to test the web server infrastructure for any misconfiguration and outdated content?

    A. Passive Assessment

    B. Host-based Assessment

    C. External Assessment

    D. Application Assessment

  • Question 169:

    Which of the following approaches to vulnerability assessment relies on the administrator providing baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?

    A. Service-based Assessment Solutions

    B. Product-based Assessment Solutions

    C. Tree-based Assessment

    D. Inference-based Assessment

  • Question 170:

    James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?

    A. Smurf

    B. Trinoo

    C. Fraggle

    D. SYN flood

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.