312-49 Exam Details

  • Exam Code
    :312-49
  • Exam Name
    :ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :531 Q&As
  • Last Updated
    :Jul 09, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 521:

    From the following spam mail header, identify the host IP that sent this spam?

    From [email protected] [email protected] Tue Nov 27 17:27:11 2001 Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT) Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT) Message-Id: >[email protected] From: "china hotel web" To: "Shlam" Subject: SHANGHAI (HILTON HOTEL) PACKAGE Date: Tue, 27 Nov 2001 17:25:58 +0800 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal Reply-To: "china hotel web"

    A. 137.189.96.52
    B. 8.12.1.0
    C. 203.218.39.20
    D. 203.218.39.50

  • Question 522:

    Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best of your knowledge, an outside security firm is brought in to assess the network security. Although they found very few issues, they were able to enumerate the model, OS version, and capabilities for all your Cisco routers with very little effort. Which feature will you disable to eliminate the ability to enumerate this information on your Cisco routers?

    A. Border Gateway Protocol
    B. Cisco Discovery Protocol
    C. Broadcast System Protocol
    D. Simple Network Management Protocol

  • Question 523:

    Cylie is investigating a network breach at a state organization in Florida. She discovers that the intruders were able to gain access into the company firewalls by overloading them with IP packets. Cylie then discovers through her investigation that the intruders hacked into the company phone system and used the hard drives on their PBX system to store shared music files. What would this attack on the company PBX system be called?

    A. Phreaking
    B. Squatting
    C. Crunching
    D. Pretexting

  • Question 524:

    Which password cracking technique uses details such as length of password, character sets used to construct the password, etc.?

    A. Dictionary attack
    B. Brute force attack
    C. Rule-based attack
    D. Man in the middle attack

  • Question 525:

    UEFI is a specification that defines a software interface between an OS and platform firmware. Where does this interface store information about files present on a disk?

    A. BIOS-MBR
    B. GUID Partition Table (GPT)
    C. Master Boot Record (MBR)
    D. BIOS Parameter Block

  • Question 526:

    Which code does the FAT file system use to mark the file as deleted?

    A. ESH
    B. 5EH
    C. H5E
    D. E5H

  • Question 527:

    When an investigator contacts by telephone the domain administrator or controller listed by a Who is lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?

    A. Title 18, Section 1030
    B. Title 18, Section 2703(d)
    C. Title 18, Section Chapter 90
    D. Title 18, Section 2703(f)

  • Question 528:

    This is original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

    A. Master Boot Record (MBR)
    B. Master File Table (MFT)
    C. File Allocation Table (FAT)
    D. Disk Operating System (DOS)

  • Question 529:

    When using an iPod and the host computer is running Windows, what file system will be used?

    A. iPod+
    B. HFS
    C. FAT16
    D. FAT32

  • Question 530:

    What is the investigator trying to analyze if the system gives the following image as output?

    A. All the logon sessions
    B. Currently active logon sessions
    C. Inactive logon sessions
    D. Details of users who can logon

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.