1. Home
  2. EC-COUNCIL
  3. 312-49

ECCouncil Computer Hacking Forensic Investigator (V9)

Exam Details

  • Exam Code
    :312-49
  • Exam Name
    :ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :531 Q&As
  • Last Updated
    :May 05, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49 Questions & Answers

  • Question 151:

    A master boot record (MBR) is the first sector ("sector zero") of a data storage device. What is the size of MBR?

    A. Depends on the capacity of the storage device

    B. 1048 Bytes

    C. 4092 Bytes

    D. 512 Bytes

  • Question 152:

    What is the primary function of the tool CHKDSK in Windows that authenticates the file system reliability of a volume?

    A. Repairs logical file system errors

    B. Check the disk for hardware errors

    C. Check the disk for connectivity errors

    D. Check the disk for Slack Space

  • Question 153:

    Which of the following tool can the investigator use to analyze the network to detect Trojan activities?

    A. Regshot

    B. TRIPWIRE

    C. RAM Computer

    D. Capsa

  • Question 154:

    When a user deletes a file or folder, the system stores complete path including the original filename is a special hidden file called "INFO2" in the Recycled folder. If the INFO2 file is deleted, it is recovered when you ______________________.

    A. Undo the last action performed on the system

    B. Reboot Windows

    C. Use a recovery tool to undelete the file

    D. Download the file from Microsoft website

  • Question 155:

    Jacky encrypts her documents using a password. It is known that she uses her daughter's year of birth as part of the password. Which password cracking technique would be optimal to crack her password?

    A. Rule-based attack

    B. Brute force attack

    C. Syllable attack

    D. Hybrid attack

  • Question 156:

    Which among the following is an act passed by the U.S. Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations?

    A. HIPAA

    B. GLBA

    C. SOX

    D. FISMA

  • Question 157:

    Richard is extracting volatile data from a system and uses the command doskey/history. What is he trying to extract?

    A. Events history

    B. Previously typed commands

    C. History of the browser

    D. Passwords used across the system

  • Question 158:

    Which of the following files gives information about the client sync sessions in Google Drive on Windows?

    A. sync_log.log

    B. Sync_log.log

    C. sync.log

    D. Sync.log

  • Question 159:

    Stephen is checking an image using Compare Files by The Wizard, and he sees the file signature is shown as FF D8 FF E1. What is the file type of the image?

    A. gif

    B. bmp

    C. jpeg

    D. png

  • Question 160:

    Which of the following tools will help the investigator to analyze web server logs?

    A. XRY LOGICAL

    B. LanWhois

    C. Deep Log Monitor

    D. Deep Log Analyzer

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.