312-49V10 Exam Details

  • Exam Code
    :312-49V10
  • Exam Name
    :EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1028 Q&As
  • Last Updated
    :Jul 11, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 991:

    Which of the following stages in a Linux boot process involve initialization of the system's hardware?

    A. BIOS Stage
    B. Bootloader Stage
    C. BootROM Stage
    D. Kernel Stage

  • Question 992:

    WPA2 provides enterprise and Wi-Fi users with stronger data protection and network access control which of the following encryption algorithm is used DVWPA2?

    A. RC4-CCMP
    B. RC4-TKIP
    C. AES-CCMP
    D. AES-TKIP

  • Question 993:

    While investigating a potential SQL Injection Attack on a Windows-based server, a CHFI has found the following IIS log entry:"2023-05-14 15:05:02 10.10.10.55 GET /products.php id=ORD-001%27%20or%201=l;-- 80 bob 10.10.10.12 HTTP/1.1 Mozilla/5. 0+(X11;+Ubuntu;+Linux+x86_64;+rv:67. 0)+Gecko/20100101+Firefox/67. 0 http://www.luxurytreats.com/products.php 200 0 0 510"

    Based on this log entry, which of the following is a correct assertion?

    A. The attacker tried to manipulate the user login functionality of the website
    B. The attacker was unsuccessful, as the HTTP 200 status code indicated
    C. The attacker could execute a stored procedure on the MS SQL server
    D. The attacker tried to bypass authentication using a Linux machine

  • Question 994:

    During a high-stakes corporate espionage case, an investigator seeks digital evidence to reveal unauthorized data access and leakage. The investigator possesses the skills to recover deleted files, decrypt encrypted files, and inspect hidden files.

    Given the vailability of multiple potential evidence sources, which category of files is most likely to yield the most valuable information in this scenario?

    A. User-Created Files
    B. Computer-Created Files
    C. User-Protected Files
    D. Files stored on peripheral devices

  • Question 995:

    CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:

    From: [email protected] To: [email protected] Subject: Test message Date: 4/3/2017 14:37

    The employee of CompanyXYZ receives your email message.

    This proves that CompanyXYZ's email gateway doesn't prevent what?

    A. Source code review
    B. Reviewing the firewalls configuration
    C. Data items and vulnerability scanning
    D. Interviewing employees and network engineers

  • Question 996:

    In a forensic investigation on an Android device, a Computer Hacking Forensics Investigator is required to extract information from the SQLite database. They aim to recover the user's web browsing history. Which is the correct SQLite database path that the investigator should focus on?

    A. \data\com.android.providers.calendar\databases\calendar.db
    B. \data\data\com.android.browser\databases\browser2. db
    C. \data\data\com.android.providers.telephony\databases\mmssms.db
    D. \data\data\com.android.providers.contacts\databases\contacts2. db

  • Question 997:

    What is the default IIS log location?

    A. SystemDrive\inetpub\LogFiles
    B. %SystemDrive%\inetpub\logs\LogFiles
    C. %SystemDrive\logs\LogFiles
    D. SystemDrive\logs\LogFiles

  • Question 998:

    Amber, a black hat hacker, has embedded a malware into a small enticing advertisement and posted it on a popular ad-network that displays across various websites. What is she doing?

    A. Click-jacking
    B. Compromising a legitimate site
    C. Spearphishing
    D. Malvertising

  • Question 999:

    Following an advanced persistent threat attack, a CHFI investigator is called in to acquire data from the compromised system. Given the wide range of potential data sources, the investigator needs to prioritize the order of data collection based on volatility.

    Which of the following would be the correct order to collect data in this scenario?

    A. Archival media, physical configuration, network topology, disk or other storage media, temporary file systems, routing table, process table,kernel statistics, registers and processor cache
    B. Archival media, disk or other storage media, temporary file systems, routing table, process table, and kernel statistics, registers andprocessor cache, physical configuration, and network topology
    C. Registers and processor cache, routing table, process table, kernel statistics, temporary file systems, disk or other storage media, physicalconfiguration, and network topology, archival media
    D. Physical configuration, network topology, archival media, disk or other storage media, temporary file systems, routing table, process table,kernel statistics, registers and processor cache

  • Question 1000:

    Study the log given below and answer the following question: Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194. 222. 156. 169 Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194. 222. 156. 169:56693 -> 172. 16. 1.107:482 Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212. 244. 97. 121:3485 -> 172. 16. 1.107:53 Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194. 222. 156. 169:1425 -> 172. 16. 1.107:21 Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24. 9.255. 53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63. 226. 81.13:4499 -> 172. 16. 1.107:53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63. 226. 81.13:4630 -> 172. 16. 1.101:53 Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212. 251.1.94:642 -> 172. 16. 1.107:111 Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173. 35. 164:4221 -> 172. 16. 1.107:80 Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107. 87:2291 -> 172. 16. 1.101:53 Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63. 226. 81.13:1351 -> 172. 16. 1.107:53 Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0) Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506) Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24. 112. 167. 35:20 -> 172. 16. 1.107:1080 Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172. 16. 1.107:23 -> 213. 28.22. 189:4558 Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

    A. Disallow UDP 53 in from outside to DNS server
    B. Allow UDP 53 in from DNS server to outside
    C. Disallow TCP 53 in from secondaries or ISP server to DNS server
    D. Block all UDP traffic

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.