1. Home
  2. EC-COUNCIL
  3. 312-49

EC-COUNCIL 312-49 Online Practice Questions and Exam Preparation

312-49 Exam Details

  • Exam Code
    :312-49
  • Exam Name
    :ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :531 Q&As
  • Last Updated
    :May 28, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 281:

    Which tool does the investigator use to extract artifacts left by Google Drive on the system?

    A. PEBrowse Professional
    B. RegScanner
    C. RAM Capturer
    D. Dependency Walker

  • Question 282:

    What is the following command trying to accomplish?

    A. Verify that UDP port 445 is open for the 192.168.0.0 network
    B. Verify that TCP port 445 is open for the 192.168.0.0 network
    C. Verify that NETBIOS is running for the 192.168.0.0 network
    D. Verify that UDP port 445 is closed for the 192.168.0.0 network

  • Question 283:

    What is the name of the Standard Linux Command that is also available as windows application that can be used to create bit-stream images?

    A. mcopy
    B. image
    C. MD5
    D. dd

  • Question 284:

    Which of the following protocols allows non-ASCII files, such as video, graphics, and audio, to be sent through the email messages?

    A. MIME
    B. BINHEX
    C. UT-16
    D. UUCODE

  • Question 285:

    In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?

    A. Security Administrator
    B. Network Administrator
    C. Director of Information Technology
    D. Director of Administration

  • Question 286:

    When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?

    A. Universal Time Set
    B. Network Time Protocol
    C. SyncTime Service
    D. Time-Sync Protocol

  • Question 287:

    Which of the following stages in a Linux boot process involve initialization of the system's hardware?

    A. BIOS Stage
    B. Bootloader Stage
    C. BootROM Stage
    D. Kernel Stage

  • Question 288:

    How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

    A. 128
    B. 64
    C. 32
    D. 16

  • Question 289:

    What layer of the OSI model do TCP and UDP utilize?

    A. Data Link
    B. Network
    C. Transport
    D. Session

  • Question 290:

    During the course of a corporate investigation, you find that an Employee is committing a crime. Can the Employer file a criminal complaint with Police?

    A. Yes, and all evidence can be turned over to the police
    B. Yes, but only if you turn the evidence over to a federal law enforcement agency
    C. No, because the investigation was conducted without following standard police procedures
    D. No, because the investigation was conducted without warrant

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.