412-79V8 Exam Details

  • Exam Code
    :412-79V8
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :200 Q&As
  • Last Updated
    :Jul 08, 2026

EC-COUNCIL 412-79V8 Online Questions & Answers

  • Question 161:

    Traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. It sends a sequence of three Internet Control Message Protocol (ICMP) echo request packets addressed to a destination host. The time-to-live (TTL) value, also known as hop limit, is used in determining the intermediate routers being traversed towards the destination.

    During routing, each router reduces packets' TTL value by

    A. 3
    B. 1
    C. 4
    D. 2

  • Question 162:

    Phishing is typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

    What characteristics do phishing messages often have that may make them identifiable?

    A. Invalid email signatures or contact information
    B. Suspiciously good grammar and capitalization
    C. They trigger warning pop-ups
    D. Suspicious attachments

  • Question 163:

    Which of the following documents helps in creating a confidential relationship between the pen tester and client to protect critical and confidential information or trade secrets?

    A. Penetration Testing Agreement
    B. Rules of Behavior Agreement
    C. Liability Insurance
    D. Non-Disclosure Agreement

  • Question 164:

    Timing is an element of port-scanning that can catch one unaware. If scans are taking too long to complete or obvious ports are missing from the scan, various time parameters may need to be adjusted. Which one of the following scanned timing options in NMAP's scan is useful across slow WAN links or to hide the scan?

    A. Paranoid
    B. Sneaky
    C. Polite
    D. Normal

  • Question 165:

    Identify the injection attack represented in the diagram below:

    A. XPath Injection Attack
    B. XML Request Attack
    C. XML Injection Attack
    D. Frame Injection Attack

  • Question 166:

    DNS information records provide important data about:

    A. Phone and Fax Numbers
    B. Location and Type of Servers
    C. Agents Providing Service to Company Staff
    D. New Customer

  • Question 167:

    Which one of the following tools of trade is an automated, comprehensive penetration testing product for assessing the specific information security threats to an organization?

    A. Sunbelt Network Security Inspector (SNSI)
    B. CORE Impact
    C. Canvas
    D. Microsoft Baseline Security Analyzer (MBSA)

  • Question 168:

    Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the weakest levels of security, thus making them the prime target for malicious activity from system administrators, DBAs, contractors, consultants, partners, and customers.

    Which of the following flaws refers to an application using poorly written encryption code to securely encrypt and store sensitive data in the database and allows an attacker to steal or modify weakly protected data such as credit card numbers, SSNs, and other authentication credentials?

    A. SSI injection attack
    B. Insecure cryptographic storage attack
    C. Hidden field manipulation attack
    D. Man-in-the-Middle attack

  • Question 169:

    Which one of the following log analysis tools is used for analyzing the server's log files?

    A. Performance Analysis of Logs tool
    B. Network Sniffer Interface Test tool
    C. Ka Log Analyzer tool
    D. Event Log Tracker tool

  • Question 170:

    Which one of the following architectures has the drawback of internally considering the hosted services individually?

    A. Weak Screened Subnet Architecture
    B. "Inside Versus Outside" Architecture
    C. "Three-Homed Firewall" DMZ Architecture
    D. Strong Screened-Subnet Architecture

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79V8 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.