1. Home
  2. EC-COUNCIL
  3. 312-49

EC-COUNCIL 312-49 Online Practice Questions and Exam Preparation

312-49 Exam Details

  • Exam Code
    :312-49
  • Exam Name
    :ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :531 Q&As
  • Last Updated
    :May 28, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 421:

    What is the size value of a nibble?

    A. 0.5 kilo byte
    B. 0.5 bit
    C. 0.5 byte
    D. 2 bits

  • Question 422:

    Which of the following is an iOS Jailbreaking tool?

    A. Kingo Android ROOT
    B. Towelroot
    C. One Click Root
    D. Redsn0w

  • Question 423:

    Which of the following is NOT a graphics file?

    A. Picture1.tga
    B. Picture2.bmp
    C. Picture3.nfo
    D. Picture4.psd

  • Question 424:

    Which among the following search warrants allows the first responder to search and seize the victim's computer components such as hardware, software, storage devices, and documentation?

    A. John Doe Search Warrant
    B. Citizen Informant Search Warrant
    C. Electronic Storage Device Search Warrant
    D. Service Provider Search Warrant

  • Question 425:

    Paraben Lockdown device uses which operating system to write hard drive data?

    A. Mac OS
    B. Red Hat
    C. Unix
    D. Windows

  • Question 426:

    How many sectors will a 125 KB file use in a FAT32 file system?

    A. 32
    B. 16
    C. 256
    D. 25

  • Question 427:

    The police believe that Melvin Matthew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers and Educational Institutions. They also suspect that he has been stealing, copying and misappropriating proprietary computer software belonging to the several victim companies. What is preventing the police from breaking down the suspects door and searching his home and seizing all of his computer equipment if they have not yet obtained a warrant?

    A. The Fourth Amendment
    B. The USA patriot Act
    C. The Good Samaritan Laws
    D. The Federal Rules of Evidence

  • Question 428:

    Study the log given below and answer the following question:

    Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169 Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482 Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53 Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21 Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53 Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111 Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80 Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53

    Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53 Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0) Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506) Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080 Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

    Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

    A. Disallow UDP53 in from outside to DNS server
    B. Allow UDP53 in from DNS server to outside
    C. Disallow TCP53 in from secondaries or ISP server to DNS server
    D. Block all UDP traffic

  • Question 429:

    Gill is a computer forensics investigator who has been called upon to examine a seized computer. This computer, according to the police, was used by a hacker who gained access to numerous banking institutions to steal customer information. After preliminary investigations, Gill finds in the computer's log files that the hacker was able to gain access to these banks through the use of Trojan horses. The hacker then used these Trojan horses to obtain remote access to the companies' domain controllers. From this point, Gill found that the hacker pulled off the SAM files from the domain controllers to then attempt and crack network passwords. What is the most likely password cracking technique used by this hacker to break the user passwords from the SAM files?

    A. Syllable attack
    B. Hybrid attack
    C. Brute force attack
    D. Dictionary attack

  • Question 430:

    You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?

    A. 70 years
    B. the life of the author
    C. the life of the author plus 70 years
    D. copyrights last forever

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.