1. Home
  2. EC-COUNCIL
  3. 412-79

EC-Council Certified Security Analyst (ECSA)

Exam Details

  • Exam Code
    :412-79
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Apr 03, 2025

EC-COUNCIL EC-COUNCIL Certifications 412-79 Questions & Answers

  • Question 121:

    In the context of file deletion process, which of the following statement holds true?

    A. When files are deleted, the data is overwritten and the cluster marked as available

    B. The longer a disk is inuse, the less likely it is that deleted files will be overwritten

    C. While booting, the machine may create temporary files that can delete evidence

    D. Secure delete programs work by completely overwriting the file in one go

  • Question 122:

    When examining a file with a Hex Editor, what space does the file header occupy?

    A. the last several bytes of the file

    B. the first several bytes of the file

    C. none, file headers are contained in the FAT

    D. one byte at the beginning of the file

  • Question 123:

    What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts behind the router are effectively disabled?

    A. digital attack

    B. denial of service

    C. physical attack

    D. ARP redirect

  • Question 124:

    You are working for a large clothing manufacturer as a computer forensics investigator and are called in to investigate an unusual case of an employee possibly stealing clothing designs from the company and selling them under a different brand name for a different company. What you discover during the course of the investigation is that the clothing designs are actually original products of the employee and the company has no policy against an employee selling his own designs on his own time. The only thing that you can find that the employee is doing wrong is that his clothing design incorporates the same graphic symbol as that of the company with only the wording in the graphic being different. What area of the law is the employee violating?

    A. trademark law

    B. copyright law

    C. printright law

    D. brandmark law

  • Question 125:

    Before you are called to testify as an expert, what must an attorney do first?

    A. engage in damage control

    B. prove that the tools you used to conduct your examination are perfect

    C. read your curriculum vitae to the jury

    D. qualify you as an expert witness

  • Question 126:

    You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data. What method would be most efficient for you to acquire digital evidence from this network?

    A. create a compressed copy of the file with DoubleSpace

    B. create a sparse data copy of a folder or file

    C. make a bit-stream disk-to-image file

    D. make a bit-stream disk-to-disk file

  • Question 127:

    The newer Macintosh Operating System is based on:

    A. OS/2

    B. BSD Unix

    C. Linux

    D. Microsoft Windows

  • Question 128:

    You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?

    A. 0:1000, 150

    B. 0:1709, 150

    C. 1:1709, 150

    D. 0:1709-1858

  • Question 129:

    A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker . Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you

    are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

    03/15-20:21:24.107053

    ***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP

    TS: 23678634 2878772 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=+=+=+=+=

    IpLen:20 DgmLen:84 Len: 64

    01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ................ 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 ................

    00 00 00 11 00 00 00 00 ........

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

    IpLen:20 DgmLen:1104 Len: 1084 47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8

    A. The attacker has conducted a network sweep on port 111

    B. The attacker has scanned and exploited the system using Buffer Overflow

    C. The attacker has used a Trojan on port 32773

    D. The attacker has installed a backdoor

  • Question 130:

    How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

    A. 128

    B. 64

    C. 32

    D. 16

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.