EC-Council Certified Security Analyst (ECSA) - 412-79v8 Exam Practice Test

Question 1

The Internet is a giant database where people store some of their most private information on the cloud, trusting that the service provider can keep it all safe. Trojans, Viruses, DoS attacks, website defacement, lost computers, accidental publishing, and more have all been sources of major leaks over the last 15 years.

What is the biggest source of data leaks in organizations today?

A. Weak passwords and lack of identity management

B. Insufficient IT security budget

C. Vulnerabilities, risks, and threats facing Web sites

D. Rogue employees and insider attacks

Correct Answer: D

Question 2

Which of the following will not handle routing protocols properly?

A. "Internet-firewall-router-net architecture"

B. "Internet-firewall/router(edge device)-net architecture"

C. "Internet-firewall -net architecture"

D. "Internet-router-firewall-net architecture"

Correct Answer: A

Question 3

What is the difference between penetration testing and vulnerability testing?

A. Penetration testing is conducted purely for meeting compliance standards while vulnerability testing is focused on online scans

B. Penetration testingis based on purely online vulnerability analysis while vulnerability testing engages ethical hackers to find vulnerabilities

C. Vulnerability testing is more expensive than penetration testing

D. Penetration testing goes one step further than vulnerability testing; while vulnerability tests check for known vulnerabilities, penetration testing adopts the concept of 'in-depth ethical hacking'

Correct Answer: D

Question 4

Which of the following is developed to address security concerns on time and reduce the misuse or threat of attacks in an organization?

A. Vulnerabilities checklists

B. Action Plan

C. Configuration checklists

D. Testing Plan

Correct Answer: A

Question 5

An external intrusion test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter, usually from the Internet. The goal of an external intrusion test and analysis is to demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.

During external penetration testing, which of the following scanning techniques allow you to determine a port's state without making a full connection to the host?

A. SYN scan

B. FIN Scan

C. XMAS Scan

D. NULL Scan

Correct Answer: A

Question 6

Firewall and DMZ architectures are characterized according to its design. Which one of the following architectures is used when routers have better high-bandwidth data stream handling capacity?

A. Weak Screened Subnet Architecture

B. "Inside Versus Outside" Architecture

C. "Three-Homed Firewall" DMZ Architecture

D. Strong Screened-Subnet Architecture

Correct Answer: A

Question 7

Packet filtering firewalls are usually a part of a router. In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded.
Depending on the packet and the criteria, the firewall can: i)Drop the packet ii)Forward it or send a message to the originator

At which level of the OSI model do the packet filtering firewalls work?

A. Network layer

B. Application layer

C. Transport layer

D. Physical layer

Correct Answer: A

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 8

Which one of the following Snort logger mode commands is associated to run a binary log file through Snort in sniffer mode to dump the packets to the screen?

A. ./snort -dv -r packet.log

B. ./snort -dev -l ./log

C. ./snort -dvr packet.log icmp

D. ./snort -l ./log -b

Correct Answer: A

Question 9

Many security and compliance projects begin with a simple idea: assess the organization's risk, vulnerabilities, and breaches. Implementing an IT security risk assessment is critical to the overall security posture of any organization.
An effective security risk assessment can prevent breaches and reduce the impact of realized breaches.

What is the formula to calculate risk?

A. Risk = Loss x Exposure factor

B. Risk = Threats x Attacks

C. Risk = Goodwill x Reputation

D. Risk = Budget x Time

Correct Answer: A

Question 10

Which one of the following log analysis tools is a Cisco Router Log Format log analyzer and it parses logs, imports them into a SQL database (or its own built-in database), aggregates them, and generates the dynamically filtered reports, all through a web interface?

A. Syslog Manager

B. Sawmill

C. Event Log Tracker

D. Event Log Explorer

Correct Answer: B

Question 11

Application security assessment is one of the activity that a pen tester performs in the attack phase. It is designed to identify and assess threats to the organization through bespoke, proprietary applications or systems. It checks the application so that a malicious user cannot access, modify, or destroy data or services within the system.

Identify the type of application security assessment which analyzes the application-based code to confirm that it does not contain any sensitive information that an attacker might use to exploit an application.

A. Source Code Review

B. Functionality Testing

C. Web Penetration Testing

D. Authorization Testing

Correct Answer: A

Question 12

Which one of the following commands is used to search one of more files for a specific pattern and it helps in organizing the firewall log files?

A. gprn

B. grep

C. grpck

D. gpgv

Correct Answer: B

Question 13

A penetration test will show you the vulnerabilities in the target system and the risks associated with it. An educated valuation of the risk will be performed so that the vulnerabilities can be reported as High/Medium/Low risk issues.

What are the two types of 'white-box' penetration testing?

A. Blind testing and double blind testing

B. Blind testing and unannounced testing

C. Announced testing and unannounced testing

D. Announced testing and blind testing

Correct Answer: C

Question 14

Which one of the following is a supporting tool for 802.11 (wireless) packet injections, it spoofs
802.11 packets to verify whether the access point is valid or not?

A. Explanation:
QUESTIONNO: 181 A Demilitarized Zone (DMZ) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. Usage of a protocol within a DMZ environment is highly variable based on the specific needs of an organization. Privilege escalation, system is compromised when the code runs under root credentials, and DoS attacks are the basic weakness of which one of the following Protocol?
A. Lightweight Directory Access Protocol (LDAP)
B. Simple NetworkManagement Protocol (SNMP)
C. Telnet
D. Secure Shell (SSH)

B. Airsnort

C. WEPCrack

D. Aircrack

E. Airpwn

Correct Answer: E

EC-COUNCIL EC-Council Certified Security Analyst (ECSA) - 412-79v8 Exam Practice Test

Latest Update

Useful Links

Contact Us