312-49 Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: May 28, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 171:

    Which MySQL log file contains information on server start and stop?

    A. Slow query log file
    B. General query log file
    C. Binary log
    D. Error log file

  • Question 172:

    Which part of the Metasploit framework helps users to hide the data related to a previously deleted file or currently unused by the allocated file?

    A. Waffen FS
    B. RuneFS
    C. FragFS
    D. Slacker

  • Question 173:

    What type of file is represented by a colon (:) with a name following it in the Master File Table of an NTFS disk?

    A. A compressed file
    B. A Data stream file
    C. An encrypted file
    D. A reserved file

  • Question 174:

    What does the part of the log, "%SEC-6-IPACCESSLOGP", extracted from a Cisco router represent?

    A. The system was not able to process the packet because there was not enough room for all of the desired IP header options
    B. Immediate action required messages
    C. Some packet-matching logs were missed because the access list log messages were rate limited, or no access list log buffers were available
    D. A packet matching the log criteria for the given access list has been detected (TCP or UDP)

  • Question 175:

    Smith, an employee of a reputed forensic investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in the hacking of the organization's DC server. Smith wants to find all the values typed into the Run box in the Start menu. Which of the following registry keys will Smith check to find the above information?

    A. TypedURLs key
    B. MountedDevices key
    C. UserAssist key
    D. RunMRU key

  • Question 176:

    Jack Smith is a forensics investigator who works for Mason Computer Investigation Services. He is investigating a computer that was infected by Ramen Virus.

    He runs the netstat command on the machine to see its current connections. In the following screenshot, what do the 0.0.0.0 IP addresses signify?

    A. Those connections are established
    B. Those connections are in listening mode
    C. Those connections are in closed/waiting mode
    D. Those connections are in timed out/waiting mode

  • Question 177:

    When is it appropriate to use computer forensics?

    A. If copyright and intellectual property theft/misuse has occurred
    B. If employees do not care for their boss's management techniques
    C. If sales drop off for no apparent reason for an extended period of time
    D. If a financial institution is burglarized by robbers

  • Question 178:

    Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your network is secure, but there are some areas that need improvement. The major area was SNMP security. The audit company recommended turning off SNMP, but that is not an option since you have so many remote nodes to keep track of. What step could you take to help secure SNMP on your network?

    A. Block all internal MAC addresses from using SNMP
    B. Block access to UDP port 171
    C. Block access to TCP port 171
    D. Change the default community string names

  • Question 179:

    In Steganalysis, which of the following describes a Known-stego attack?

    A. The hidden message and the corresponding stego-image are known
    B. During the communication process, active attackers can change cover
    C. Original and stego-object are available and the steganography algorithm is known
    D. Only the steganography medium is available for analysis

  • Question 180:

    Gary, a computer technician, is facing allegations of abusing children online by befriending them and sending them illicit adult images from his office computer. What type of investigation does this case require?

    A. Administrative Investigation
    B. Criminal Investigation
    C. Both Criminal and Administrative Investigation
    D. Civil Investigation
