1. Home
  2. EC-COUNCIL
  3. 312-49

EC-COUNCIL 312-49 Online Practice Questions and Exam Preparation

312-49 Exam Details

  • Exam Code
    :312-49
  • Exam Name
    :ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :531 Q&As
  • Last Updated
    :May 28, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 91:

    On Linux/Unix based Web servers, what privilege should the daemon service be run under?

    A. Guest
    B. Root
    C. You cannot determine what privilege runs the daemon service
    D. Something other than root

  • Question 92:

    When investigating a Windows System, it is important to view the contents of the page or swap file because:

    A. Windows stores all of the systems configuration information in this file
    B. This is file that windows use to communicate directly with Registry
    C. A Large volume of data can exist within the swap file of which the computer user has no knowledge
    D. This is the file that windows use to store the history of the last 100 commands that were run from the command line

  • Question 93:

    What is the smallest physical storage unit on a hard drive?

    A. Track
    B. Cluster
    C. Sector
    D. Platter

  • Question 94:

    An expert witness is a __________________ who is normally appointed by a party to assist the formulation and preparation of a party's claim or defense.

    A. Expert in criminal investigation
    B. Subject matter specialist
    C. Witness present at the crime scene
    D. Expert law graduate appointed by attorney

  • Question 95:

    Which of the following tool creates a bit-by-bit image of an evidence media?

    A. Recuva
    B. FileMerlin
    C. AccessData FTK Imager
    D. Xplico

  • Question 96:

    What does 254 represent in ICCID 89254021520014515744?

    A. Industry Identifier Prefix
    B. Country Code
    C. Individual Account Identification Number
    D. Issuer Identifier Number

  • Question 97:

    Which part of the Windows Registry contains the user's password file?

    A. HKEY_LOCAL_MACHINE
    B. HKEY_CURRENT_CONFIGURATION
    C. HKEY_USER
    D. HKEY_CURRENT_USER

  • Question 98:

    Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in the house. Daryl packs all the items found in his van and takes them back to his lab for further examination. At his lab, Michael his assistant helps him with the investigation. Since Michael is still in training, Daryl supervises all of his work very carefully. Michael is not quite sure about the procedures to copy all the data off the computer and peripheral devices. How many data acquisition tools should Michael use when creating copies of the evidence for the investigation?

    A. Two
    B. One
    C. Three
    D. Four

  • Question 99:

    %3cscript%3ealert("XXXXXXXX")%3c/script%3e is a script obtained from a Cross-Site Scripting attack. What type of encoding has the attacker employed?

    A. Double encoding
    B. Hex encoding
    C. Unicode
    D. Base64

  • Question 100:

    Office Documents (Word, Excel and PowerPoint) contain a code that allows tracking the MAC or unique identifier of the machine that created the document. What is that code called?

    A. Globally unique ID
    B. Microsoft Virtual Machine Identifier
    C. Personal Application Protocol
    D. Individual ASCII string

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.