Exam Details

  • Exam Code: 412-79
  • Exam Name: EC-Council Certified Security Analyst (ECSA)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 232 Q&As
  • Last Updated: Mar 26, 2025

EC-COUNCIL EC-COUNCIL Certifications 412-79 Questions & Answers

  • Question 61:

    You should make at least how many bit-stream copies of a suspect drive?

    A. 1

    B. 2

    C. 3

    D. 4

  • Question 62:

    Which Intrusion Detection System (IDS) usually produces the most false alarms due to the unpredictable behaviors of users and networks?

    A. network-based IDS systems (NIDS)

    B. host-based IDS systems (HIDS)

    C. anomaly detection

    D. signature recognition

  • Question 63:

    Why should you note all cable connections for a computer you want to seize as evidence?

    A. to know what outside connections existed

    B. in case other devices were connected

    C. to know what peripheral devices exist

    D. to know what hardware existed

  • Question 64:

    What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

    A. ICMP header field

    B. TCP header field

    C. IP header field

    D. UDP header field

  • Question 65:

    What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 server over the course of its lifetime?

    A. forensic duplication of hard drive

    B. analysis of volatile data

    C. comparison of MD5 checksums

    D. review of SIDs in the Registry

  • Question 66:

    Which response organization tracks hoaxes as well as viruses?

    A. NIPC

    B. FEDCIRC

    C. CERT

    D. CIAC

  • Question 67:

    Which federal computer crime law specifically refers to fraud and related activity in connection with access devices like routers?

    A. 18 U.S.C. 1029

    B. 18 U.S.C. 1362

    C. 18 U.S.C. 2511

    D. 18 U.S.C. 2703

  • Question 68:

    Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?

    A. the Microsoft Virtual Machine Identifier

    B. the Personal Application Protocol

    C. the Globally Unique ID

    D. the Individual ASCII String

  • Question 69:

    What TCP/UDP port does the toolkit program netstat use?

    A. Port 7

    B. Port 15

    C. Port 23

    D. Port 69

  • Question 70:

    In a FAT32 system, a 123 KB file will use how many sectors?

    A. 34

    B. 246

    C. 11

    D. 56
