Exam Details

  • Exam Code: 412-79V10
  • Exam Name: EC-Council Certified Security Analyst (ECSA) V10
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 201 Q&As
  • Last Updated: Mar 23, 2025

EC-COUNCIL EC-COUNCIL Certifications 412-79V10 Questions & Answers

  • Question 81:

    Due to illegal inputs, various types of TCP stacks respond in a different manner. Some IDSs do not take into account the TCP protocol's urgency feature, which could allow testers to evade the IDS.

    A penetration tester needs to try different combinations of TCP flags (e.g. none, SYN/FIN, SYN/RST, SYN/FIN/ACK, SYN/RST/ACK, and All Flags) to test the IDS.

    Which of the following TCP flag combinations combines the problem of initiation, midstream, and termination flags with the PSH and URG?

    A. SYN/RST/ACK

    B. SYN/FIN/ACK

    C. SYN/FIN

    D. All Flags

  • Question 82:

    Security auditors determine the use of WAPs on their networks with the Nessus vulnerability scanner, which identifies the commonly used WAPs. One of the plug-ins that the Nessus Vulnerability Scanner uses is ID #11026 and is named "Access Point Detection". This plug-in uses four techniques to identify the presence of a WAP. Which one of the following techniques is mostly used for uploading new firmware images while upgrading the WAP device?

    A. NMAP TCP/IP fingerprinting

    B. HTTP fingerprinting

    C. FTP fingerprinting

    D. SNMP fingerprinting

  • Question 83:

    Which one of the following architectures has the drawback of internally considering the hosted services individually?

    A. Weak Screened Subnet Architecture

    B. "Inside Versus Outside" Architecture

    C. "Three-Homed Firewall" DMZ Architecture

    D. Strong Screened-Subnet Architecture

  • Question 84:

    Which of the following is the range for assigned ports managed by the Internet Assigned Numbers Authority (IANA)?

    A. 3001-3100

    B. 5000-5099

    C. 6666-6674

    D. 0-1023

  • Question 85:

    John, the penetration tester in a pen test firm, was asked to find whether NTP services are open on the target network (10.0.0.7) using the Nmap tool.

    Which one of the following Nmap commands will he use to find it?

    A. nmap -sU -p 389 10.0.0.7

    B. nmap -sU -p 123 10.0.0.7

    C. nmap -sU -p 161 10.0.0.7

    D. nmap -sU -p 135 10.0.0.7

  • Question 86:

    What are placeholders (or markers) in an HTML document that the web server will dynamically replace with data just before sending the requested documents to a browser?

    A. Server Side Includes

    B. Sort Server Includes

    C. Server Sort Includes

    D. Slide Server Includes

  • Question 87:

    Firewall and DMZ architectures are characterized according to their design. Which one of the following architectures is used when routers have better high-bandwidth data stream handling capacity?

    A. Weak Screened Subnet Architecture

    B. "Inside Versus Outside" Architecture

    C. "Three-Homed Firewall" DMZ Architecture

    D. Strong Screened-Subnet Architecture

  • Question 88:

    Vulnerability assessment is an examination of the ability of a system or application, including the current security procedures and controls, to withstand assault.

    What does a vulnerability assessment identify?

    A. Disgruntled employees

    B. Weaknesses that could be exploited

    C. Physical security breaches

    D. Organizational structure

  • Question 89:

    Identify the framework that comprises five levels to guide agency assessment of their security programs and assist in prioritizing efforts for improvement:

    A. Information System Security Assessment Framework (ISSAF)

    B. Microsoft Internet Security Framework

    C. Nortel's Unified Security Framework

    D. Federal Information Technology Security Assessment Framework

  • Question 90:

    ARP spoofing is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead.

    An ARP spoofing attack is used as an opening for other attacks.

    What type of attack would you launch after successfully deploying ARP spoofing?

    A. Parameter Filtering

    B. Social Engineering

    C. Input Validation

    D. Session Hijacking
