Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
ECCouncil
ECSA
412-79v10
EC-Council Certified Security Analyst (ECSA) V10 Questions and Answers

Pass the ECCouncil ECSA 412-79v10 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam 412-79v10 Premium Access

View all detail and faqs for the 412-79v10 exam

Go to Exam

706 Students Passed

89% Average Score

90% Same Questions

Viewing page 6 out of 6 pages

Viewing questions 51-60 out of questions

Questions # 51:

A penetration test will show you the vulnerabilities in the target system and the risks associated with it. An educated valuation of the risk will be performed so that the vulnerabilities can be reported as High/Medium/Low risk issues.

Question # 51

What are the two types of ‘white-box’ penetration testing?

Options:

Announced testing and blind testing

Blind testing and double blind testing

Blind testing and unannounced testing

Announced testing and unannounced testing

Answer

Questions # 52:

Why is a legal agreement important to have before launching a penetration test?

Question # 52

Options:

Guarantees your consultant fees

Allows you to perform a penetration test without the knowledge and consent of the organization's upper management

It establishes the legality of the penetration test by documenting the scope of the project and the consent of the company.

It is important to ensure that the target organization has implemented mandatory security policies

Answer

Questions # 53:

You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank security defenses are very strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London.

After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the traffic and extract usernames and passwords. What tool could you use to get this information?

Options:

RaidSniff

Snort

Ettercap

Airsnort

Answer

Questions # 54:

Which one of the following log analysis tools is used for analyzing the server’s log files?

Options:

Performance Analysis of Logs tool

Network Sniffer Interface Test tool

Ka Log Analyzer tool

Event Log Tracker tool

Answer

Questions # 55:

A firewall’s decision to forward or reject traffic in network filtering is dependent upon which of the following?

Options:

Destination address

Port numbers

Source address

Protocol used

Answer

Questions # 56:

Which Wireshark filter displays all the packets where the IP address of the source host is 10.0.0.7?

Question # 56

Options:

ip.dst==10.0.0.7

ip.port==10.0.0.7

ip.src==10.0.0.7

ip.dstport==10.0.0.7

Answer

Questions # 57:

George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. Few managers are using SFTP program on their computers.

Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network. What filter should George use in Ethereal?

Options:

net port 22

udp port 22 and host 172.16.28.1/24

src port 22 and dst port 22

src port 23 and dst port 23

Answer

Questions # 58:

Which of the following policy forbids everything with strict restrictions on all usage of the company systems and network?

Options:

Information-Protection Po

Paranoid Policy

Promiscuous Policy

Prudent Policy

Answer

Questions # 59:

Which one of the following acts related to the information security in the US fix the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting?