1. Home
  2. EC-COUNCIL
  3. 412-79

EC-Council Certified Security Analyst (ECSA)

Exam Details

  • Exam Code
    :412-79
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Mar 26, 2025

EC-COUNCIL EC-COUNCIL Certifications 412-79 Questions & Answers

  • Question 191:

    John and Hillary works at the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He enables Lophtcrack program to sniffing mode. John sends Hillary an email with a link to Error! Reference source not found. What information will he be able to gather from this?

    A. The SID of Hillary's network account

    B. The network shares that Hillary has permissions

    C. The SAM file from Hillary's computer

    D. Hillary's network username and password hash

  • Question 192:

    Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?

    A. Poison the switch's MAC address table by flooding it with ACK bits

    B. Enable tunneling feature on the switch

    C. Trick the switch into thinking it already has a session with Terri's computer

    D. Crash the switch with a DoS attack since switches cannot send ACK bits

  • Question 193:

    Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and ombies? What type of Penetration Testing is Larry planning to carry out?

    A. Internal Penetration Testing

    B. Firewall Penetration Testing

    C. DoS Penetration Testing

    D. Router Penetration Testing

  • Question 194:

    You are a security analyst performing reconnaissance on a company you will be carrying out a penetration test for. You conduct a search for IT jobs on Dice.com and find the following information for an open position:

    7+ years experience in Windows Server environment 5+ years experience in Exchange 2000/2003 environment Experience with Cisco Pix Firewall, Linksys 1376 router, Oracle 11i and MYOB v3.4 Accounting software are required MCSA desired, MCSE, CEH preferred No Unix/Linux Experience needed

    What is this information posted on the job website considered?

    A. Information vulnerability

    B. Social engineering exploit

    C. Trade secret

    D. Competitive exploit

  • Question 195:

    Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

    A. Filtered

    B. Stealth

    C. Closed

    D. Open

  • Question 196:

    When setting up a wireless network with multiple access points, why is it important to set each access point on a different channel?

    A. Avoid cross talk

    B. Avoid over-saturation of wireless signals

    C. So that the access points will work on different frequencies

    D. Multiple access points can be set up on the same channel without any issues

  • Question 197:

    A packet is sent to a router that does not have the packet destination address in its route table, how will the packet get to its properA packet is sent to a router that does not have the packet? destination address in its route table, how will the packet get to its proper destination?

    A. Root Internet servers

    B. Border Gateway Protocol

    C. Gateway of last resort

    D. Reverse DNS

  • Question 198:

    What is the following command trying to accomplish?

    A. Verify that TCP port 445 is open for the 192.168.0.0 network

    B. Verify that UDP port 445 is open for the 192.168.0.0 network

    C. Verify that UDP port 445 is closed for the 192.168.0.0 network

    D. Verify that NETBIOS is running for the 192.168.0.0 network

  • Question 199:

    What will the following URL produce in an unpatched IIS Web Server?

    A. Execute a buffer flow in the C: drive of the web server

    B. Insert a Trojan horse into the C: drive of the web server

    C. Directory listing of the C:\windows\system32 folder on the web server

    D. Directory listing of C: drive on the web server

  • Question 200:

    What is a good security method to prevent unauthorized users from "tailgating"?

    A. Electronic key systems

    B. Man trap

    C. Pick-resistant locks

    D. Electronic combination locks

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.