Exam Details

  • Exam Code: 412-79V8
  • Exam Name: EC-Council Certified Security Analyst (ECSA)
  • Certification: ECCouncil Certification
  • Vendor: EC-COUNCIL
  • Total Questions: 200 Q&As
  • Last Updated: May 09, 2024

EC-COUNCIL ECCouncil Certification 412-79V8 Questions & Answers

  • Question 31:

    Timing is an element of port scanning that can catch one unaware. If scans are taking too long to complete or obvious ports are missing from the scan, various time parameters may need to be adjusted. Which one of the following Nmap scan timing options is useful across slow WAN links or to hide the scan?

    A. Paranoid

    B. Sneaky

    C. Polite

    D. Normal

  • Question 32:

    Which one of the following scans starts, but does not complete, the TCP handshake sequence for each port selected, works well for direct scanning, and often works well through firewalls?

    A. SYN Scan

    B. Connect() scan

    C. XMAS Scan

    D. Null Scan

  • Question 33:

    One needs to run the "Scan Server Configuration" tool to allow a remote connection to Nessus from remote Nessus clients. This tool allows the port and bound interface of the Nessus daemon to be configured. By default, the Nessus daemon listens for connections on which one of the following?

    A. Localhost (127.0.0.1) and port 1241

    B. Localhost (127.0.0.1) and port 1240

    C. Localhost (127.0.0.1) and port 1246

    D. Localhost (127.0.0.0) and port 1243

  • Question 34:

    Network scanning is used to identify the available network resources. Which one of the following is also known as a half-open scan, because a full TCP connection is never completed, and is used to determine which ports are open and listening on a target device?

    A. SYN Scan

    B. TCP Connect Scan

    C. XMAS Scan

    D. Null Scan

  • Question 35:

    Besides the policy implications of chat rooms, Internet Relay Chat (IRC) is frequented by attackers and used as a command and control mechanism. IRC normally uses which one of the following TCP ports?

    A. 6566 TCP port

    B. 6771 TCP port

    C. 6667 TCP port

    D. 6257 TCP port

  • Question 36:

    Which one of the following is a command-line tool used for capturing data from the live network and copying those packets to a file?

    A. Wireshark: Capinfos

    B. Wireshark: Tcpdump

    C. Wireshark: Text2pcap

    D. Wireshark: Dumpcap

  • Question 37:

    Wireshark is a network analyzer. It reads packets from the network, decodes them, and presents them in an easy-to-understand format. Which one of the following is the command-line version of Wireshark, which can be used to capture live packets from the wire or to read saved capture files?

    A. Tcpdump

    B. Capinfos

    C. Tshark

    D. Idl2wrs

  • Question 38:

    Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum. Different types of ICMP messages are identified by the TYPE field. If the destination is not reachable, which one of the following is generated?

    A. Type 8 ICMP codes

    B. Type 12 ICMP codes

    C. Type 3 ICMP codes

    D. Type 7 ICMP codes

  • Question 39:

    A firewall is an IP packet filter that enforces filtering and security policies on network traffic flowing through it. Using firewalls in IPv6 is still the best way of protecting against low-level attacks at the network and transport layers. Which one of the following cannot handle routing protocols properly?

    A. "Internet-router-firewall-net architecture"

    B. "Internet-firewall-router-net architecture"

    C. "Internet-firewall/router(edge device)-net architecture"

    D. "Internet-firewall-net architecture"

  • Question 40:

    Port numbers are used to keep track of different conversations crossing the network at the same time. Both TCP and UDP use port (socket) numbers to pass information to the upper layers. Port numbers have assigned ranges. The port numbers above 1024 are considered which one of the following? (Select all that apply)

    A. Well-known port numbers

    B. Dynamically assigned port numbers

    C. Unregistered port numbers

    D. Statically assigned port numbers
