EC-Council Certified Security Analyst (ECSA) 412-79 

About EC-Council Certified Security Analyst Exam

EC-Council Certified Security Analyst certification exam is focused on assessing candidate skills on penetration testing by EC-Council. ECSA exam validates your skills and knowledge on network penetration testing, database penetration testing, web application penetration testing, wireless network penetration testing, cloud penetration testing, social engineering penetration testing and reporting of penetration testing. ECSA exam is the popular certification for penetration testers, security analysts, system and network administrators and for professionals engaged in information security.

Who should take the exam?

Candidates taking this exam are professionals engaged in information security or penetration testing roles. Systems engineers, system or network administrators should also opt for the certification to better their career prospects 

Course Structure

EC-Council Certified Security Analyst (ECSA) 412-79 Exam covers the following topics - 

Domain 1 - Penetration Testing Essential Concepts - 20.72%

• Computer Network Fundamentals
• Network Security Controls and Devices
• Windows and Linux Security
• Web Application and Web Server Architecture and Operations
• Web Application Security Mechanisms
• Information Security Attacks
• Information Security Standards 

Domain 2 - Introduction to Penetration Testing Methodologies - 5.63%

• Penetration Testing Process and Methodologies & Benefits
• Types, Areas and Selection of Pentesting 

Domain 3 - Penetration Testing Scoping and Engagement Methodology - 5.38%

• Penetration Testing Scoping and Rules and Engagement
• Penetration Testing Engagement Contract and Preparation 

Domain 4 - Open-Source Intelligence (OSINT) Methodology - 4.80%

• OSINT Through World Wide Web (WWW), Website Analysis, DNS Interrogation
• Automating your OSINT Effort Using Tools/Frameworks/Scripts 

Domain 5 - Social Engineering Penetration Testing Methodology - 5.26%

• Social Engineering Penetration Testing Techniques & Steps
• Social Engineering Penetration testing using E

Domain 6 - Network Penetration Testing Methodology – External - 5.84%

• External Network Information & Reconnaissance
• Scanning, and Exploitation 

Domain 7 - Network Penetration Testing Methodology – Internal - 8.62%

• Internal Network Information Reconnaissance and Scanning
• Internal Network Enumeration and Vulnerability Scanning
• Local and Remote System Exploitation 

Domain 8 - Network Penetration Testing Methodology - Perimeter Devices - 7.84%

• Firewall Security Assessment Techniques
• iDs Security Assessment Techniques
• Router and Switch Security Assessment Techniques 

Domain 9 - Web Application Penetration Testing Methodology - 11.30%

• Web Application Content Discovery and Vulnerability Scanning
• SQL Injection Vulnerability Penetration Testing
• XSS, Parameter Tampering, Weak Cryptography, Security Misconfiguration and Client side scripting, vulnerabilities penetration techniques
• Authentication, Authorization, session, Web Server Vulnerabilities Penetration Testing 

Domain 10 - Database Penetration Testing Methodology - 5.10%

• Database Penetration Testing Techniques & Information Reconnaissance
• Database Enumeration & Exploitation 

Domain 11 - Wireless Penetration Testing Methodology - 9.22%

• WLAN Penetration Testing Techniques
• RFID and NFC Penetration Testing Techniques
• Mobile Device Penetration Testing Techniques
• loT Penetration Testing Techniques 

Domain 12 - Cloud Penetration Testing Methodology - 4.65%

• Cloud Specific Penetration Testing Techniques and Recommendations
• Cloud Specific Penetration Testing Methods 

Domain 5 - Report Writing and Post Testing Actions - 5.63%

• Penetration Testing Report Writing Process
• Penetration Testing Reporting Formats

Exam Pattern 

• Exam Name: EC-Council Certified Security Analyst (ECSA)
• Exam Code: 412-79
• Number of Questions: 150
• Length of Time:  240 Minutes
• Registration Fee: $999.00
• Passing Score: 70% 
• Exam Language English

What do we offer?

• Full-Length Mock Test with unique questions in each test set
• Practice objective questions with section-wise scores
• An in-depth and exhaustive explanation for every question
• Reliable exam reports evaluating strengths and weaknesses
• Latest Questions with an updated version
• Tips & Tricks to crack the test
• Unlimited access

What are our Practice Exams?

• Practice exams have been designed by professionals and domain experts that simulate real time exam scenario.
• Practice exam questions have been created on the basis of content outlined in the official documentation.
• Each set in the practice exam contains unique questions built with the intent to provide real-time experience to the candidates as well as gain more confidence during exam preparation.
• Practice exams help to self-evaluate against the exam content and work towards building strength to clear the exam.
• You can also create your own practice exam based on your choice and preference 

100% Assured Test Pass Guarantee

We have built the TestPrepTraining Practice exams with 100% Unconditional and assured Test Pass Guarantee! 

If you are not able to clear the exam, you can ask for a 100% refund.