1. Home
  2. EC-COUNCIL
  3. 312-49

ECCouncil Computer Hacking Forensic Investigator (V9)

Exam Details

  • Exam Code
    :312-49
  • Exam Name
    :ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :531 Q&As
  • Last Updated
    :May 05, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49 Questions & Answers

  • Question 231:

    What stage of the incident handling process involves reporting events?

    A. Containment

    B. Follow-up

    C. Identification

    D. Recovery

  • Question 232:

    When investigating a computer forensics case where Microsoft Exchange and Blackberry Enterprise server are used, where would investigator need to search to find email sent from a Blackberry device?

    A. RIM Messaging center

    B. Blackberry Enterprise server

    C. Microsoft Exchange server

    D. Blackberry desktop redirector

  • Question 233:

    What is considered a grant of a property right given to an individual who discovers or invents a new machine, process, useful composition of matter or manufacture?

    A. Copyright

    B. Design patent

    C. Trademark

    D. Utility patent

  • Question 234:

    Where is the startup configuration located on a router?

    A. Static RAM

    B. BootROM

    C. NVRAM

    D. Dynamic RAM

  • Question 235:

    While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What does this indicate on the computer?

    A. The files have been marked as hidden

    B. The files have been marked for deletion

    C. The files are corrupt and cannot be recovered

    D. The files have been marked as read-only

  • Question 236:

    While presenting his case to the court, Simon calls many witnesses to the stand to testify. Simon decides to call Hillary Taft, a lay witness, to the stand. Since Hillary is a lay witness, what field would she be considered an expert in?

    A. Technical material related to forensics

    B. No particular field

    C. Judging the character of defendants/victims

    D. Legal issues

  • Question 237:

    Harold is finishing up a report on a case of network intrusion, corporate spying, and embezzlement that he

    has been working on for over six months. He is trying to find the right term to use in his report to describe

    network-enabled spying.

    What term should Harold use?

    A. Spycrack

    B. Spynet

    C. Netspionage

    D. Hackspionage

  • Question 238:

    Why would a company issue a dongle with the software they sell?

    A. To provide source code protection

    B. To provide wireless functionality with the software

    C. To provide copyright protection

    D. To ensure that keyloggers cannot be used

  • Question 239:

    What feature of Windows is the following command trying to utilize?

    A. White space

    B. AFS

    C. ADS

    D. Slack file

  • Question 240:

    When operating systems mark a cluster as used but not allocated, the cluster is considered as _________

    A. Corrupt

    B. Bad

    C. Lost

    D. Unallocated

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.