312-49 Exam Details

  • Exam Code
    :312-49
  • Exam Name
    :ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :531 Q&As
  • Last Updated
    :Jul 09, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 21:

    What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

    A. NTOSKRNL.EXE
    B. NTLDR
    C. LSASS.EXE
    D. NTDETECT.COM

  • Question 22:

    In which implementation of RAID will the image of a Hardware RAID volume be different from the image taken separately from the disks?

    A. RAID 1
    B. The images will always be identical because data is mirrored for redundancy
    C. RAID 0
    D. It will always be different

  • Question 23:

    Which of the following is a part of a Solid-State Drive (SSD)?

    A. Head
    B. Cylinder
    C. NAND-based flash memory
    D. Spindle

  • Question 24:

    Which of the following tools is not a data acquisition hardware tool?

    A. UltraKit
    B. Atola Insight Forensic
    C. F-Response Imager
    D. Triage-Responder

  • Question 25:

    Ron, a computer forensics expert, is investigating a case involving corporate espionage. He has recovered several mobile computing devices from the crime scene. One of the evidence that Ron possesses is a mobile phone from Nokia that was left in ON condition. Ron needs to recover the IMEI number of the device to establish the identity of the device owner. Which of the following key combinations can he use to recover the IMEI number?

    A. #*06*#
    B. *#06#
    C. #06#*
    D. *IMEI#

  • Question 26:

    Why would a company issue a dongle with the software they sell?

    A. To provide source code protection
    B. To provide wireless functionality with the software
    C. To provide copyright protection
    D. To ensure that keyloggers cannot be used

  • Question 27:

    You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

    A. Polymorphic
    B. Metamorphic
    C. Oligomorhic
    D. Transmorphic

  • Question 28:

    An Expert witness give an opinion if:

    A. The Opinion, inferences or conclusions depend on special knowledge, skill or training not within the ordinary experience of lay jurors
    B. To define the issues of the case for determination by the finder of fact
    C. To stimulate discussion between the consulting expert and the expert witness
    D. To deter the witness form expanding the scope of his or her investigation beyond the requirements of the case

  • Question 29:

    Which of the following processes is part of the dynamic malware analysis?

    A. Process Monitoring
    B. Malware disassembly
    C. Searching for the strings
    D. File fingerprinting

  • Question 30:

    You are working in the security Department of law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that. His client alleges that he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his client is mistaken and that fake email is possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss. What port do you send the email to on the company SMTP server?

    A. 10
    B. 25
    C. 110
    D. 135

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.