1. Home
  2. EC-COUNCIL
  3. 412-79V8

EC-Council Certified Security Analyst (ECSA)

Exam Details

  • Exam Code
    :412-79V8
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA)
  • Certification
    :ECCouncil Certification
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :200 Q&As
  • Last Updated
    :May 09, 2024

EC-COUNCIL ECCouncil Certification 412-79V8 Questions & Answers

  • Question 191:

    Mason is footprinting an organization to gather competitive intelligence. He visits the company's website for contact information and telephone numbers but does not find any. He knows the entire staff directory was listed on their website 12 months. How can he find the directory?

    A. Visit Google's search engine and view the cached copy

    B. Crawl and download the entire website using the Surfoffline tool and save them to his computer

    C. Visit the company's partners' and customers' website for this information

    D. Use WayBackMachine in Archive.org web site to retrieve the Internet archive

  • Question 192:

    Rules of Engagement (ROE) document provides certain rights and restriction to the test team for performing the test and helps testers to overcome legal, federal, and policy-related restrictions to use different penetration testing tools and techniques.

    What is the last step in preparing a Rules of Engagement (ROE) document?

    A. Conduct a brainstorming session with top management and technical teams

    B. Decide the desired depth for penetration testing

    C. Conduct a brainstorming session with top management and technical teams

    D. Have pre-contract discussions with different pen-testers

  • Question 193:

    Passwords protect computer resources and files from unauthorized access by malicious users. Using passwords is the most capable and effective way to protect information and to increase the security level of a company.

    Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system to gain unauthorized access to a system.

    Which of the following password cracking attacks tries every combination of characters until the password is broken?

    A. Brute-force attack

    B. Rule-based attack

    C. Hybrid attack

    D. Dictionary attack

  • Question 194:

    Which of the following appendices gives detailed lists of all the technical terms used in the report?

    A. Required Work Efforts

    B. References

    C. Research

    D. Glossary

  • Question 195:

    An external intrusion test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter, usually from the Internet. The goal of an external intrusion test and analysis is to demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.

    During external penetration testing, which of the following scanning techniques allow you to determine a port's state without making a full connection to the host?

    A. XMAS Scan

    B. SYN scan

    C. FIN Scan

    D. NULL Scan

  • Question 196:

    When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

    A. Passive IDS

    B. Active IDS

    C. Progressive IDS

    D. NIPS

  • Question 197:

    HTTP protocol specifies that arbitrary binary characters can be passed within the URL by using %xx notation, where 'xx' is the

    A. ASCII value of the character

    B. Binary value of the character

    C. Decimal value of the character

    D. Hex value of the character

  • Question 198:

    Which of the following is an application alert returned by a web application that helps an attacker guess a valid username?

    A. Invalid username or password

    B. Account username was not found

    C. Incorrect password

    D. Username or password incorrect

  • Question 199:

    A pen tester has extracted a database name by using a blind SQL injection. Now he begins to test the table inside the database using the below query and finds the table: http://juggyboy.com/page.aspx?id=1; IF (LEN(SELECT TOP 1 NAME from sysobjects where xtype='U')=3) WAITFOR DELAY '00:00:10'-http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),1,1)))=101) WAITFOR DELAY '00:00:10'-- http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),2,1)))=109) WAITFOR DELAY '00:00:10'-- http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),3,1)))=112) WAITFOR DELAY '00:00:10'-

    What is the table name?

    A. CTS

    B. QRT

    C. EMP

    D. ABC

  • Question 200:

    Which of the following password cracking techniques is used when the attacker has some information about the password?

    A. Hybrid Attack

    B. Dictionary Attack

    C. Syllable Attack

    D. Rule-based Attack

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79V8 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.