Free 412-79v8 Questions for EC-COUNCIL EC-Council Certified Security Analyst (ECSA) 412-79v8 Exam as PDF & Practice Test Engine

  • Exam Code/Number: 412-79v8
  • Exam Name/Title: EC-Council Certified Security Analyst (ECSA)
  • Certification Provider: EC-COUNCIL
  • Corresponding Certification: Certified Ethical Hacker
  • Exam Questions: 196
  • Updated On: Jun 28, 2026
James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?
Correct Answer: B Vote an answer
The first phase of the penetration testing plan is to develop the scope of the project in consultation with the client. Pen testing test components depend on the client's operating environment, threat perception, security and compliance requirements, ROE, and budget. Various components need to be considered for testing while developing the scope of the project.

Which of the following is NOT a pen testing component to be tested?
Correct Answer: B Vote an answer
War Driving is the act of moving around a specific area, mapping the population of wireless access points for statistical purposes. These statistics are then used to raise awareness of the security problems associated with these types of networks. Which one of the following is a Linux based program that exploits the weak IV (Initialization Vector) problem documented with static WEP?
Correct Answer: D Vote an answer
Which one of the following components of standard Solaris Syslog is a UNIX command that is used to add single-line entries to the system log?
Correct Answer: D Vote an answer
Information gathering is performed to:
i) Collect basic information about the target company and its network
ii) Determine the operating system used, platforms running, web server versions, etc.
iii) Find vulnerabilities and exploits

Which of the following pen testing tests yields information about a company's technology infrastructure?
Correct Answer: A Vote an answer
Which one of the following is a command line tool used for capturing data from the live network and copying those packets to a file?
Correct Answer: D Vote an answer
SQL injection attack consists of insertion or "injection" of either a partial or complete SQL query
via the data input or transmitted from the client (browser) to the web application.
A successful SQL injection attack can:
i)Read sensitive data from the database
iii)Modify database data (insert/update/delete)
iii)Execute administration operations on the database (such as shutdown the DBMS)
iV)Recover the content of a given file existing on the DBMS file system or write files into the file
system
v)Issue commands to the operating system

Pen tester needs to perform various tests to detect SQL injection vulnerability. He has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests and then test them separately, trying to interfere with the query and to generate an error.
In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?
Correct Answer: B Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
What is the maximum value of a "tinyint" field in most database systems?
Correct Answer: A Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
You work as an IT security auditor hired by a law firm in Boston. You have been assigned the responsibility to audit the client for security risks. When assessing the risk to the clients network, what step should you take first?
Correct Answer: B Vote an answer
Amazon, an IT based company, conducts a survey on the usage of the Internet. They found that company employees spend most of the time at work surfing the web for their personal use and for inappropriate web site viewing. Management decide to block all such web sites using URL filtering software.

How can employees continue to see the blocked websites?
Correct Answer: A Vote an answer
HTTP protocol specifies that arbitrary binary characters can be passed within the URL by using %xx notation, where 'xx' is the
Correct Answer: C Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
TCP/IP model is a framework for the Internet Protocol suite of computer network protocols that defines the communication in an IP-based network. It provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination. This functionality has been organized into four abstraction layers which are used to sort all related protocols according to the scope of networking involved.

Which of the following TCP/IP layers selects the best path through the network for packets to travel?
Correct Answer: D Vote an answer
Traffic on which port is unusual for both the TCP and UDP ports?
Correct Answer: B Vote an answer
0
0
0
10