1. Home
  2. EC-COUNCIL
  3. 412-79V10

EC-Council Certified Security Analyst (ECSA) V10

Exam Details

  • Exam Code
    :412-79V10
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA) V10
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :201 Q&As
  • Last Updated
    :Mar 31, 2025

EC-COUNCIL EC-COUNCIL Certifications 412-79V10 Questions & Answers

  • Question 121:

    A penetration tester performs OS fingerprinting on the target server to identify the operating system used on the target server with the help of ICMP packets.

    While performing ICMP scanning using Nmap tool, message received/type displays "3 ?Destination Unreachable[5]" and code 3.

    Which of the following is an appropriate description of this response?

    A. Destination port unreachable

    B. Destination host unavailable

    C. Destination host unreachable

    D. Destination protocol unreachable

  • Question 122:

    Which of the following is NOT generally included in a quote for penetration testing services?

    A. Type of testing carried out

    B. Type of testers involved

    C. Budget required

    D. Expected timescale required to finish the project

  • Question 123:

    TCP/IP provides a broad range of communication protocols for the various applications on the network. The TCP/IP model has four layers with major protocols included within each layer. Which one of the following protocols is used to collect information from all the network devices?

    A. Simple Network Management Protocol (SNMP)

    B. Network File system (NFS)

    C. Internet Control Message Protocol (ICMP)

    D. Transmission Control Protocol (TCP)

  • Question 124:

    Many security and compliance projects begin with a simple idea: assess the organization's risk, vulnerabilities, and breaches. Implementing an IT security risk assessment is critical to the overall security posture of any organization.

    An effective security risk assessment can prevent breaches and reduce the impact of realized breaches.

    What is the formula to calculate risk?

    A. Risk = Budget x Time

    B. Risk = Goodwill x Reputation

    C. Risk = Loss x Exposure factor

    D. Risk = Threats x Attacks

  • Question 125:

    A Demilitarized Zone (DMZ) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. Usage of a protocol within a DMZ environment is highly variable based on the specific needs of an organization. Privilege escalation, system is compromised when the code runs under root credentials, and DoS attacks are the basic weakness of which one of the following Protocol?

    A. Lightweight Directory Access Protocol (LDAP)

    B. Simple Network Management Protocol (SNMP)

    C. Telnet

    D. Secure Shell (SSH)

  • Question 126:

    War Driving is the act of moving around a specific area, mapping the population of wireless access points for statistical purposes. These statistics are then used to raise awareness of the security problems associated with these types of networks. Which one of the following is a Linux based program that exploits the weak IV (Initialization Vector) problem documented with static WEP?

    A. Airsnort

    B. Aircrack

    C. WEPCrack

    D. Airpwn

  • Question 127:

    Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the weakest levels of security, thus making them the prime target for malicious activity from system administrators, DBAs, contractors, consultants, partners, and customers.

    Which of the following flaws refers to an application using poorly written encryption code to securely encrypt and store sensitive data in the database and allows an attacker to steal or modify weakly protected data such as credit card numbers, SSNs, and other authentication credentials?

    A. SSI injection attack

    B. Insecure cryptographic storage attack

    C. Hidden field manipulation attack

    D. Man-in-the-Middle attack

  • Question 128:

    To locate the firewall, SYN packet is crafted using Hping or any other packet crafter and sent to the firewall. If ICMP unreachable type 13 message (which is an admin prohibited packet) with a source IP address of the access control device is received, then it means which of the following type of firewall is in place?

    A. Circuit level gateway

    B. Stateful multilayer inspection firewall

    C. Packet filter

    D. Application level gateway

  • Question 129:

    Which of the following has an offset field that specifies the length of the header and data?

    A. IP Header

    B. UDP Header

    C. ICMP Header

    D. TCP Header

  • Question 130:

    During the process of fingerprinting a web application environment, what do you need to do in order to analyze HTTP and HTTPS request headers and the HTML source code?

    A. Examine Source of the Available Pages

    B. Perform Web Spidering

    C. Perform Banner Grabbing

    D. Check the HTTP and HTML Processing by the Browser

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 412-79V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.