1. Home
  2. EC-COUNCIL
  3. 312-49

ECCouncil Computer Hacking Forensic Investigator (V9)

Exam Details

  • Exam Code
    :312-49
  • Exam Name
    :ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :531 Q&As
  • Last Updated
    :May 05, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49 Questions & Answers

  • Question 201:

    Which of the following technique creates a replica of an evidence media?

    A. Data Extraction

    B. Backup

    C. Bit Stream Imaging

    D. Data Deduplication

  • Question 202:

    The surface of a hard disk consists of several concentric rings known as tracks; each of these tracks has smaller partitions called disk blocks. What is the size of each block?

    A. 512 bits

    B. 512 bytes

    C. 256 bits

    D. 256 bytes

  • Question 203:

    Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file?

    A. Net config

    B. Net file

    C. Net share

    D. Net sessions

  • Question 204:

    Which of the following are small pieces of data sent from a website and stored on the user's computer by the user's web browser to track, validate, and maintain specific user information?

    A. Temporary Files

    B. Open files

    C. Cookies

    D. Web Browser Cache

  • Question 205:

    Pagefile.sys is a virtual memory file used to expand the physical memory of a computer. Select the registry path for the page file:

    A. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

    B. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\System Management

    C. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Device Management

    D. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters

  • Question 206:

    Which of the following commands shows you all of the network services running on Windows-based servers?

    A. Netstart

    B. Net Session

    C. Net use

    D. Net config

  • Question 207:

    Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:

    A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

    B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProfileList

    C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegList

    D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Regedit

  • Question 208:

    Which code does the FAT file system use to mark the file as deleted?

    A. ESH

    B. 5EH

    C. H5E

    D. E5H

  • Question 209:

    What does the 63.78.199.4(161) denotes in a Cisco router log?

    Mar 14 22:57:53.425 EST: %SEC-6-IPACCESSLOGP: list internet-inbound denied udp 66.56.16.77(1029)

    -> 63.78.199.4(161), 1 packet

    A. Destination IP address

    B. Source IP address

    C. Login IP address

    D. None of the above

  • Question 210:

    Company ABC has employed a firewall, IDS, Antivirus, Domain Controller, and SIEM. The company's domain controller goes down. From which system would you begin your investigation?

    A. Domain Controller

    B. Firewall

    C. SIEM

    D. IDS

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.