312-49V10 Exam Details

  • Exam Code
    :312-49V10
  • Exam Name
    :EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1028 Q&As
  • Last Updated
    :Jul 11, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 1021:

    An investigator analyzes event logs from a Windows 10 system for a suspected security breach. The investigator needs to find the logs related to account management events. A peculiar set of actions observed is an account creation followed by a change in the account within a short span of time.

    Which Event IDs should the investigator look for in the logs?

    A. Event ID 102 and Event ID 299
    B. Event ID 1 and Event ID 2
    C. Event ID 624 and Event ID 642
    D. Event ID 301 and Event ID 400

  • Question 1022:

    Investigator Janet comes across a suspicious Windows registry key during a computer hacking forensic investigation. She believes modifying this key is associated with the recent cyberattack on the company's servers. In order to confirm this, Janet needs to reference a timestamp embedded inside the registry key.

    What is the correct name of this timestamp?

    A. Last Write Time
    B. User Activity Time
    C. System Modification Time
    D. Current System Time

  • Question 1023:

    You are an information security analyst at a large pharmaceutical company. While performing a routine review of audit logs, you have noticed a significant amount of egress traffic to various IP addresses on destination port 22 during off-peak

    hours.

    You researched some of the IP addresses and found that many of them are in Eastern Europe.

    What is the most likely cause of this traffic?

    A. The organization's primary internal DNS server has been compromised and is performing DNS zone transfers to malicious external entities
    B. Data is being exfiltrated by an advanced persistent threat (APT)
    C. Malicious software on internal system is downloading research data from partner SFTP servers in Eastern Europe
    D. Internal systems are downloading automatic Windows updates

  • Question 1024:

    Event correlation is a procedure that is assigned with a new meaning for a set of events that occur in a predefined interval of time.

    Which type of correlation will you use if your organization wants to use different OS and network hardware platforms throughout the network?

    A. Same-platform correlation
    B. Cross-platform correlation
    C. Multiple-platform correlation
    D. Network-platform correlation

  • Question 1025:

    During an investigation of a suspected email crime, the forensics team noted that the criminal used emails to sell illegal narcotics and execute numerous frauds. The team identified that the criminal had also used an advanced phishing technique to target a specific executive in the victim's organization.

    Which phishing technique was likely used in this scenario?

    A. Spimming
    B. Whaling
    C. Pharming
    D. Spear Phishing

  • Question 1026:

    _____________ allows a forensic investigator to identify the missing links during investigation.

    A. Chain of custody
    B. Exhibit numbering
    C. Evidence preservation
    D. Evidence reconstruction

  • Question 1027:

    Hard disk data addressing is a method of allotting addresses to each _______ of data on a hard disk.

    A. Physical block
    B. Operating system block
    C. Hard disk block
    D. Logical block

  • Question 1028:

    An individual skilled in Forensic Investigation has been summoned to look into a potentially unlawful transaction, believed to have unfolded on the shadowy expanses of the dark web. The investigator knows that the suspect used the Tor network for the transaction.

    Which of the following aspects of the Tor network should the investigator focus on primarily to trace the origin of the data transmission?

    A. The Exit Relay, as it sends the data to the destination server
    B. The Tor Bridge Node, as it helps to circumvent restrictions on the Tor network
    C. The Middle Relay, as it transmits the data in an encrypted format
    D. The Entry/Guard Relay, as it provides an entry point to the Tor network

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.