Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1006 Q&As
  • Last Updated: Apr 28, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49V10 Questions & Answers

  • Question 121:

    Ivanovich, a forensics investigator, is trying to extract complete information about running processes from a system. Where should he look apart from the RAM and virtual memory?

    A. Swap space

    B. Application data

    C. Files and documents

    D. Slack space

  • Question 122:

    When marking evidence that has been collected with the “aaa/ddmmyy/nnnn/zz” format, what does the “nnnn” denote?

    A. The initials of the forensics analyst

    B. The sequence number for the parts of the same exhibit

    C. The year the evidence was taken

    D. The sequential number of the exhibits seized by the analyst

  • Question 123:

    What is the location of the binary files required for the functioning of the OS in a Linux system?

    A. /run

    B. /bin

    C. /root

    D. /sbin

  • Question 124:

    Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects?

    A. Portable Document Format

    B. MS-office Word Document

    C. MS-office Word OneNote

    D. MS-office Word PowerPoint

  • Question 125:

    Which of the following tools creates a bit-by-bit image of an evidence media?

    A. Recuva

    B. FileMerlin

    C. AccessData FTK Imager

    D. Xplico

  • Question 126:

    Data is striped at a byte level across multiple drives, and parity information is distributed among all member drives.

    What RAID level is represented here?

    A. RAID Level 0

    B. RAID Level 5

    C. RAID Level 3

    D. RAID Level 1

  • Question 127:

    Which of the following Event Correlation Approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

    A. Rule-Based Approach

    B. Automated Field Correlation

    C. Field-Based Approach

    D. Graph-Based Approach

  • Question 128:

    Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following laws is related to fraud and related activity in connection with computers?

    A. 18 USC §1029

    B. 18 USC §1030

    C. 18 USC §1361

    D. 18 USC §1371

  • Question 129:

    The Linux operating system has two typical bootloaders, namely LILO (Linux Loader) and GRUB (Grand Unified Bootloader). In which stage of the booting process do the bootloaders become active?

    A. Bootloader Stage

    B. Kernel Stage

    C. BootROM Stage

    D. BIOS Stage

  • Question 130:

    Casey has acquired data from a hard disk in an open source acquisition format that allows her to generate compressed or uncompressed image files. What format did she use?

    A. Portable Document Format

    B. Advanced Forensics Format (AFF)

    C. Proprietary Format

    D. Raw Format

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 312-49V10 exam preparation and EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.