Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 412-79V9

EC-Council 412-79V9 Exam Questions
EC-Council Certified Security Analyst (ECSA) v9 (Page 3 )

Updated On: 15-Feb-2026
Page 3 of 42
PDF with 203 Questions

Hackers today have an ever-increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicious tasks.



New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies. In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.
What is the biggest threat to Web 2.0 technologies?

  1. SQL Injection Attacks
  2. Service Level Configuration Attacks
  3. Inside Attacks
  4. URL Tampering Attacks

Answer(s): A



In which of the following firewalls are the incoming or outgoing packets blocked from accessing services for which there is no proxy?

  1. Circuit level firewalls
  2. Packet filters firewalls
  3. Stateful multilayer inspection firewalls
  4. Application level firewalls

Answer(s): D


Reference:

http://www.vicomsoft.com/learning-center/firewalls/



Which one of the following Snort logger mode commands is associated to run a binary log file through Snort in sniffer mode to dump the packets to the screen?

  1. ./snort -dvr packet.log icmp
  2. ./snort -dev -l ./log
  3. ./snort -dv -r packet.log
  4. ./snort -l ./log ­b

Answer(s): C



Which of the following approaches to vulnerability assessment relies on the administrator providing baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?

  1. Service-based Assessment Solutions
  2. Product-based Assessment Solutions
  3. Tree-based Assessment
  4. Inference-based Assessment

Answer(s): C


Reference:

http://www.netsense.info/downloads/security_wp_mva.pdf (page 12, tree-based assessment technology, second para)



Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the weakest levels of security, thus making them the prime target for malicious activity from system administrators, DBAs, contractors, consultants, partners, and customers.



Which of the following flaws refers to an application using poorly written encryption code to securely encrypt and store sensitive data in the database and allows an attacker to steal or modify weakly protected data such as credit card numbers, SSNs, and other authentication credentials?

  1. SSI injection attack
  2. Insecure cryptographic storage attack
  3. Hidden field manipulation attack
  4. Man-in-the-Middle attack

Answer(s): B






Post your Comments and Discuss EC-Council 412-79V9 exam dumps with other Community members:

Join the 412-79V9 Discussion