412-79V8 Exam Details

  • Exam Code
    :412-79V8
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :200 Q&As
  • Last Updated
    :Jul 08, 2026

EC-COUNCIL 412-79V8 Online Questions & Answers

  • Question 31:

    The IP protocol was designed for use on a wide variety of transmission links. Although the maximum length of an IP datagram is 64K, most transmission links enforce a smaller maximum packet length limit, called a MTU.

    The value of the MTU depends on the type of the transmission link. The design of IP accommodates MTU differences by allowing routers to fragment IP datagrams as necessary. The receiving station is responsible for reassembling the

    fragments back into the original full size IP datagram. IP fragmentation involves breaking a datagram into a number of pieces that can be reassembled later. The IP source, destination, identification, total length, and fragment offset fields in

    the IP header, are used for IP fragmentation and reassembly.

    The fragment offset is 13 bits and indicates where a fragment belongs in the original IP datagram. This value is a:

    A. Multiple of four bytes
    B. Multiple of two bytes
    C. Multiple of eight bytes
    D. Multiple of six bytes

  • Question 32:

    Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum. Different types of Internet Control Message Protocols (ICMPs) are identified by a type and code field.

    Which of the following ICMP messages will be generated if the destination port is not reachable?

    A. ICMP Type 11 code 1
    B. ICMP Type 5 code 3
    C. ICMP Type 3 code 2
    D. ICMP Type 3 code 3

  • Question 33:

    A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped.

    Why is an appliance-based firewall is more secure than those implemented on top of the commercial operating system (Software based)?

    A. Appliance based firewalls cannot be upgraded
    B. Firewalls implemented on a hardware firewall are highly scalable
    C. Hardware appliances does not suffer from security vulnerabilities associated with the underlying operating system
    D. Operating system firewalls are highly configured

  • Question 34:

    Which of the following attacks is an offline attack?

    A. Pre-Computed Hashes
    B. Hash Injection Attack
    C. Password Guessing
    D. Dumpster Diving

  • Question 35:

    An external intrusion test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter, usually from the Internet. The goal of an external intrusion test and analysis is to demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.

    During external penetration testing, which of the following scanning techniques allow you to determine a port's state without making a full connection to the host?

    A. XMAS Scan
    B. SYN scan
    C. FIN Scan
    D. NULL Scan

  • Question 36:

    What are placeholders (or markers) in an HTML document that the web server will dynamically replace with data just before sending the requested documents to a browser?

    A. Server Side Includes
    B. Sort Server Includes
    C. Server Sort Includes
    D. Slide Server Includes

  • Question 37:

    Before performing the penetration testing, there will be a pre-contract discussion with different pen-testers (the team of penetration testers) to gather a quotation to perform pen testing.

    Which of the following factors is NOT considered while preparing a price quote to perform pen testing?

    A. Total number of employees in the client organization
    B. Type of testers involved
    C. The budget required
    D. Expected time required to finish the project

  • Question 38:

    Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operation system?

    A. Active/Passive Tools
    B. Application-layer Vulnerability Assessment Tools
    C. Location/Data Examined Tools
    D. Scope Assessment Tools

  • Question 39:

    Which of the following protocol's traffic is captured by using the filter tcp.port==3389 in the Wireshark tool?

    A. Reverse Gossip Transport Protocol (RGTP)
    B. Real-time Transport Protocol (RTP)
    C. Remote Desktop Protocol (RDP)
    D. Session Initiation Protocol (SIP)

  • Question 40:

    What is a difference between host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS)?

    A. NIDS are usually a more expensive solution to implement compared to HIDS.
    B. Attempts to install Trojans or backdoors cannot be monitored by a HIDS whereas NIDS can monitor and stop such intrusion events.
    C. NIDS are standalone hardware appliances that include network intrusion detection capabilities whereas HIDS consist of software agents installed on individual computers within the system.
    D. HIDS requires less administration and training compared to NIDS.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79V8 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.