Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: May 05, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49 Questions & Answers

  • Question 181:

    Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where "x" represents the ___________________.

    A. Drive name

    B. Original file name's extension

    C. Sequential number

    D. Original file name

  • Question 182:

    Which of the following refers to the process of the witness being questioned by the attorney who called the latter to the stand?

    A. Witness Authentication

    B. Direct Examination

    C. Expert Witness

    D. Cross Questioning

  • Question 183:

    Which rule requires an original recording to be provided to prove the content of a recording?

    A. 1004

    B. 1002

    C. 1003

    D. 1005

  • Question 184:

    The investigator wants to examine changes made to the system's registry by the suspect program. Which of the following tools can help the investigator?

    A. TRIPWIRE

    B. RAM Capturer

    C. Regshot

    D. What's Running

  • Question 185:

    Bob works as an information security analyst for a big finance company. One day, the anomaly-based intrusion detection system alerted that a volumetric DDoS targeting the main IP of the main web server was occurring. What kind of attack is it?

    A. IDS attack

    B. APT

    C. Web application attack

    D. Network attack

  • Question 186:

    Which MySQL log file contains information on server start and stop?

    A. Slow query log file

    B. General query log file

    C. Binary log

    D. Error log file

  • Question 187:

    Which of the following is a record of the characteristics of a file system, including its size, the block size, the empty and the filled blocks and their respective counts, the size and location of the inode tables, the disk block map and usage information, and the size of the block groups?

    A. Inode bitmap block

    B. Superblock

    C. Block bitmap block

    D. Data block

  • Question 188:

    When marking evidence that has been collected with the "aaa/ddmmyy/nnnn/zz" format, what does the "nnnn" denote?

    A. The initials of the forensics analyst

    B. The sequence number for the parts of the same exhibit

    C. The year the evidence was taken

    D. The sequential number of the exhibits seized by the analyst

  • Question 189:

    Ivanovich, a forensics investigator, is trying to extract complete information about running processes from a system. Where should he look apart from the RAM and virtual memory?

    A. Swap space

    B. Application data

    C. Files and documents

    D. Slack space

  • Question 190:

    What is the location of the binary files required for the functioning of the OS in a Linux system?

    A. /run

    B. /bin

    C. /root

    D. /sbin

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 312-49 exam preparation and EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.