312-49V10 Exam Details

  • Exam Code
    :312-49V10
  • Exam Name
    :EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1028 Q&As
  • Last Updated
    :Jul 11, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 1:

    One technique for hiding information is to change the file extension from the correct one to the one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document.

    What can an investigator examine to verify that a file has the correct extension?

    A. The file header
    B. The File Allocation Table
    C. The file footer
    D. The sector map

  • Question 2:

    What does ICMP Type 3/Code 13 mean?

    A. Administratively Blocked
    B. Host Unreachable
    C. Protocol Unreachable
    D. Port Unreachable

  • Question 3:

    Paraben Lockdown device uses which operating system to write hard drive data?

    A. Mac OS
    B. Red Hat
    C. Unix
    D. Windows

  • Question 4:

    What is the name of the first reserved sector in File allocation table?

    A. Volume Boot Record
    B. Partition Boot Sector
    C. Master Boot Record
    D. BIOS Parameter Block

  • Question 5:

    Rusty, a computer forensics apprentice, uses the command nbtstat -c while analyzing the network information in a suspect system. What information is he looking for?

    A. Contents of the network routing table
    B. Status of the network carrier
    C. Contents of the NetBIOS name cache
    D. Network connections

  • Question 6:

    Ever-changing advancement or mobile devices increases the complexity of mobile device examinations. Which or the following is an appropriate action for the mobile forensic investigation?

    A. To avoid unwanted interaction with devices found on the scene, turn on any wireless interfaces such as Bluetooth and Wi-Fi radios
    B. Do not wear gloves while handling cell phone evidence to maintain integrity of physical evidence
    C. If the device's display is ON. the screen's contents should be photographed and, if necessary, recorded manually, capturing the time, service status, battery level, and other displayed icons
    D. If the phone is in a cradle or connected to a PC with a cable, then unplug the device from the computer

  • Question 7:

    What does the command "C:\>wevtutil gl " display?

    A. Configuration information of a specific Event Log
    B. Event logs are saved in .xml format
    C. Event log record structure
    D. List of available Event Logs

  • Question 8:

    To which phase of the Computer Forensics Investigation Process does the Planning and Budgeting of a Forensics Lab belong?

    A. Post-investigation Phase
    B. Reporting Phase
    C. Pre-investigation Phase
    D. Investigation Phase

  • Question 9:

    In the middle of a high-pressure cybercrime investigation, you stumble upon a cryptic message. It appears to be encoded with the ASCII standard. The encrypted message contains a combination of lower ASCII and higher ASCII codes. Which statement is the most accurate concerning the interpretation of this message?

    A. The lower ASCII codes refer to non-printable system codes, while the higher ASCII codes represent alphanumeric characters and punctuation
    B. Both lower and higher ASCII codes primarily contain alphanumeric characters and punctuation
    C. ASCII codes at the lower end represent alphanumeric characters and punctuation. On the other hand, those at the higher end are typically used to denote non-printable system codes
    D. The lower ASCII codes represent basic alphanumeric characters and punctuation, while the higher ASCII codes are generally used for graphics and non-ASCII characters in documents

  • Question 10:

    You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to sensitivity of the case. How would you permanently erase the data on the hard disk?

    A. Throw the hard disk into the fire
    B. Run the powerful magnets over the hard disk
    C. Format the hard disk multiple times using a low level disk utility
    D. Overwrite the contents of the hard disk with Junk data

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.