312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 141:

    Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?

    A. A disk imaging tool would check for CRC32s for internal self checking and validation and have MD5 checksum
    B. Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file
    C. A simple DOS copy will not include deleted files, file slack and other information
    D. There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector

  • Question 142:

    You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same.

    What type of virus is this that you are testing?

    A. Oligomorphic
    B. Transmorphic
    C. Polymorphic
    D. Metamorphic

  • Question 143:

    A computer forensics investigator or forensic analyst is a specially trained professional who works with law enforcement as well as private businesses to retrieve information from computers and other types of data storage devices. For this, the analyst should have an excellent working knowledge of all aspects of the computer.

    Which of the following is not a duty of the analyst during a criminal investigation?

    A. To recover data from suspect devices
    B. To fill the chain of custody
    C. To create an investigation report
    D. To enforce the security of all devices and software in the scene

  • Question 144:

    What happens when a file is deleted by a Microsoft operating system using the FAT file system?

    A. The file is erased and cannot be recovered
    B. The file is erased but can be recovered
    C. A copy of the file is stored and the original file is erased
    D. Only the reference to the file is removed from the FAT

  • Question 145:

    Which of the following tools is not a data acquisition hardware tool?

    A. UltraKit
    B. Atola Insight Forensic
    C. F-Response Imager
    D. Triage-Responder

  • Question 146:

    Which list contains the most recent actions performed by a Windows User?

    A. MRU
    B. Activity
    C. Recents
    D. Windows Error Log

  • Question 147:

    What must an investigator do before disconnecting an iPod from any type of computer?

    A. Unmount the iPod
    B. Mount the iPod
    C. Disjoin the iPod
    D. Join the iPod

  • Question 148:

    Rule 1002 of Federal Rules of Evidence (US) talks about ______________.

    A. Admissibility of duplicates
    B. Admissibility of original
    C. Admissibility of other evidence of contents
    D. Requirement of original

  • Question 149:

    Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?

    A. Volume Boot Record
    B. Master Boot Record
    C. GUID Partition Table
    D. Master File Table

  • Question 150:

    Which of the following statements is incorrect when preserving digital evidence?

    A. Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals
    B. Verify if the monitor is on, off, or in sleep mode
    C. Remove the power cable depending on the power state of the computer, i.e., on, off, or in sleep mode
    D. Turn on the computer and extract Windows event viewer log files
