312-49 Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: May 28, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 351:

    As a CHFI professional, which of the following is the most important to your professional reputation?

    A. Your Certifications
    B. The correct, successful management of each and every case
    C. The fee that you charge
    D. The friendship of local law enforcement officers

  • Question 352:

    What type of equipment would a forensics investigator store in a StrongHold bag?

    A. PDA
    B. Backup tapes
    C. Hard drives
    D. Wireless cards

  • Question 353:

    A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloaded. What can the investigator do to prove the violation?

    A. Image the disk and try to recover deleted files
    B. Seek the help of co-workers who are eye-witnesses
    C. Check the Windows registry for connection data (you may or may not recover)
    D. Approach the websites for evidence

  • Question 354:

    Where does EnCase search to recover NTFS files and folders?

    A. MBR
    B. MFT
    C. Slack space
    D. HAL

  • Question 355:

    Which of the following tools captures and allows you to interactively browse the traffic on a network?

    A. Security Task Manager
    B. Wireshark
    C. ThumbsDisplay
    D. RegScanner

  • Question 356:

    A(n) _____________________ is one that's performed by a computer program rather than the attacker manually performing the steps in the attack sequence.

    A. blackout attack
    B. automated attack
    C. distributed attack
    D. central processing attack

  • Question 357:

    Which of the following Registry components includes offsets to other cells as well as the LastWrite time for the key?

    A. Value list cell
    B. Value cell
    C. Key cell
    D. Security descriptor cell

  • Question 358:

    Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?

    A. Point-to-point
    B. End-to-end
    C. Thorough
    D. Complete event analysis

  • Question 359:

    An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are ______________ media used to store large amounts of data and are not affected by the magnet.

    A. logical
    B. anti-magnetic
    C. magnetic
    D. optical

  • Question 360:

    NTFS has less slack space than FAT, and thus less potential to hide data in the slack space. This is because:

    A. FAT does not index files
    B. NTFS is a journaling file system
    C. NTFS has lower cluster size space
    D. FAT is an older and inefficient file system
