412-79V10 Exam Details

  • Exam Code
    :412-79V10
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA) V10
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :201 Q&As
  • Last Updated
    :Jul 03, 2026

EC-COUNCIL 412-79V10 Online Questions & Answers

  • Question 81:

    SQL injection attacks are becoming significantly more popular amongst hackers and there has been an estimated 69 percent increase of this attack type.

    This exploit is used to great effect by the hacking community since it is the primary way to steal sensitive data from web applications. It takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application

    for execution by a back- end database.

    The below diagram shows how attackers launched SQL injection attacks on web applications.

    Which of the following can the attacker use to launch an SQL injection attack?

    A. Blah' "2=2 ?
    B. Blah' and 2=2 -
    C. Blah' and 1=1 -
    D. Blah' or 1=1 -

  • Question 82:

    Identify the type of authentication mechanism represented below:

    A. NTLMv1
    B. NTLMv2
    C. LAN Manager Hash
    D. Kerberos

  • Question 83:

    Which one of the following acts related to the information security in the US fix the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting?

    A. California SB 1386
    B. Sarbanes-Oxley 2002
    C. Gramm-Leach-Bliley Act (GLBA)
    D. USA Patriot Act 2001

  • Question 84:

    Wireshark is a network analyzer. It reads packets from the network, decodes them, and presents them in an easy-to-understand format. Which one of the following is the command-line version of Wireshark, which can be used to capture the live packets from the wire or to read the saved capture files?

    A. Tcpdump
    B. Capinfos
    C. Tshark
    D. Idl2wrs

  • Question 85:

    Which of the following protocol's traffic is captured by using the filter tcp.port==3389 in the Wireshark tool?

    A. Reverse Gossip Transport Protocol (RGTP)
    B. Real-time Transport Protocol (RTP)
    C. Remote Desktop Protocol (RDP)
    D. Session Initiation Protocol (SIP)

  • Question 86:

    The SnortMain () function begins by associating a set of handlers for the signals, Snort receives. It does this using the signal () function. Which one of the following functions is used as a programspecific signal and the handler for this calls the DropStats() function to output the current Snort statistics?

    A. SIGUSR1
    B. SIGTERM
    C. SIGINT
    D. SIGHUP

  • Question 87:

    Snort, an open source network-based intrusion detection sensor, is the most widely installed NIDS in the world. It can be configured to run in the four modes. Which one of the following modes reads the packets off the network and displays them in a continuous stream on the console (screen)?

    A. Packet Sniffer Mode
    B. Packet Logger Mode
    C. Network Intrusion Detection System Mode
    D. Inline Mode

  • Question 88:

    By default, the TFTP server listens on UDP port 69. Which of the following utility reports the port status of target TCP and UDP ports on a local or a remote computer and is used to troubleshoot TCP/IP connectivity issues?

    A. PortQry
    B. Netstat
    C. Telnet
    D. Tracert

  • Question 89:

    Which among the following information is not furnished by the Rules of Engagement (ROE) document?

    A. Techniques for data collection from systems upon termination of the test
    B. Techniques for data exclusion from systems upon termination of the test
    C. Details on how data should be transmitted during and after the test
    D. Details on how organizational data is treated throughout and after the test

  • Question 90:

    In which of the following firewalls are the incoming or outgoing packets blocked from accessing services for which there is no proxy?

    A. Circuit level firewalls
    B. Packet filters firewalls
    C. Stateful multilayer inspection firewalls
    D. Application level firewalls

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.