1. Home
  2. EC-COUNCIL
  3. 412-79

EC-Council Certified Security Analyst (ECSA)

Exam Details

  • Exam Code
    :412-79
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Mar 26, 2025

EC-COUNCIL EC-COUNCIL Certifications 412-79 Questions & Answers

  • Question 201:

    If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

    A. 31401

    B. The zombie will not send a response

    C. 31402

    D. 31399

  • Question 202:

    Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate. He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow FTP-PUT. Which firewall would be most appropriate for Harold? needs?

    A. Application-level proxy firewall

    B. Data link layer firewall

    C. Packet filtering firewall

    D. Circuit-level proxy firewall

  • Question 203:

    Jonathan is a network administrator who is currently testing the internal security of his network. He is attempting to hijack a session, using Ettercap, of a user connected to his Web server. Why will Jonathan not succeed?

    A. Only an HTTPS session can be hijacked

    B. Only DNS traffic can be hijacked

    C. Only FTP traffic can be hijacked

    D. HTTP protocol does not maintain session

  • Question 204:

    Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?

    A. Smurf scan

    B. Tracert

    C. Ping trace

    D. ICMP ping sweep

  • Question 205:

    Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded

    sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?

    A. Intruding into a honeypot is not illegal

    B. Entrapment

    C. Intruding into a DMZ is not illegal

    D. Enticement

  • Question 206:

    Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search.

    link:www.ghttech.net

    What will this search produce?

    A. All sites that link to ghttech.net

    B. Sites that contain the code: link:www.ghttech.net

    C. All sites that ghttech.net links to

    D. All search engines that link to .net domains

  • Question 207:

    On Linux/Unix based Web servers, what privilege should the daemon service be run under?

    A. Guest

    B. You cannot determine what privilege runs the daemon service

    C. Root

    D. Something other than root

  • Question 208:

    After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, statefull firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?

    A. IPSEC does not work with packet filtering firewalls

    B. NAT does not work with IPSEC

    C. NAT does not work with statefull firewalls

    D. Statefull firewalls do not work with packet filtering firewalls

  • Question 209:

    You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?

    A. Nmap

    B. Netcraft

    C. Ping sweep

    D. Dig

  • Question 210:

    To test your website for vulnerabilities, you type in a quotation mark (? for the username field. After you click Ok, you receive the following error message window:

    What can you infer from this error window? Exhibit:

    A. SQL injection is not possible

    B. SQL injection is possible

    C. The user for line 3306 in the SQL database has a weak password

    D. The quotation mark (? is a valid username

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.