Exam Details
Exam Code
:312-49Exam Name
:ECCouncil Computer Hacking Forensic Investigator (V9)Certification
:EC-COUNCIL CertificationsVendor
:EC-COUNCILTotal Questions
:531 Q&AsLast Updated
:May 05, 2025
EC-COUNCIL EC-COUNCIL Certifications 312-49 Questions & Answers
-
Question 191:
Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects?
A. Portable Document Format
B. MS-office Word Document
C. MS-office Word OneNote
D. MS-office Word PowerPoint
-
Question 192:
Data is striped at a byte level across multiple drives, and parity information is distributed among all member drives.
What RAID level is represented here?
A. RAID Level 0
B. RAID Level 5
C. RAID Level 3
D. RAID Level 1
-
Question 193:
Which of the following Event Correlation Approach checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?
A. Rule-Based Approach
B. Automated Field Correlation
C. Field-Based Approach
D. Graph-Based Approach
-
Question 194:
Which of the following tool creates a bit-by-bit image of an evidence media?
A. Recuva
B. FileMerlin
C. AccessData FTK Imager
D. Xplico
-
Question 195:
Linux operating system has two types of typical bootloaders namely LILO (Linux Loader) and GRUB (Grand Unified Bootloader). In which stage of the booting process do the bootloaders become active?
A. Bootloader Stage
B. Kernel Stage
C. BootROM Stage
D. BIOS Stage
-
Question 196:
Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following law is related to fraud and related activity in connection with computers?
A. 18 USC - 029
B. 18 USC - 030
C. 18 USC - 361
D. 18 USC - 371
-
Question 197:
Casey has acquired data from a hard disk in an open source acquisition format that allows her to generate compressed or uncompressed image files. What format did she use?
A. Portable Document Format
B. Advanced Forensics Format (AFF)
C. Proprietary Format
D. Raw Format
-
Question 198:
Which among the following search warrants allows the first responder to get the victim's computer information such as service records, billing records, and subscriber information from the service provider?
A. Citizen Informant Search Warrant
B. Electronic Storage Device Search Warrant
C. John Doe Search Warrant
D. Service Provider Search Warrant
-
Question 199:
Madison is on trial for allegedly breaking into her university's internal network. The police raided her dorm room and seized all of her computer equipment. Madison's lawyer is trying to convince the judge that the seizure was unfounded and baseless. Under which US Amendment is Madison's lawyer trying to prove the police violated?
A. The 4th Amendment
B. The 1st Amendment
C. The 10th Amendment
D. The 5th Amendment
-
Question 200:
In Windows Security Event Log, what does an event id of 530 imply?
A. Logon Failure - Unknown user name or bad password
B. Logon Failure - User not allowed to logon at this computer
C. Logon Failure - Account logon time restriction violation
D. Logon Failure - Account currently disabled
Related Exams:
112-51
EC-Council Certified Network Defense Essentials (NDE)212-77
EC-Council Certified Linux Security212-81
EC-Council Certified Encryption Specialist (ECES)212-82
EC-Council Certified Cybersecurity Technician (C|CT)212-89
EC-Council Certified Incident Handler (ECIH)312-38
EC-Council Certified Network Defender (CND)312-39
EC-Council Certified SOC Analyst (CSA)312-40
EC-Council Certified Cloud Security Engineer (CCSE)312-49
ECCouncil Computer Hacking Forensic Investigator (V9)312-49V10
EC-Council Certified Computer Hacking Forensic Investigator (V10)
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.