Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1006 Q&As
  • Last Updated: Apr 28, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49V10 Questions & Answers

  • Question 141:

    Which code does the FAT file system use to mark the file as deleted?

    A. ESH

    B. 5EH

    C. H5E

    D. E5H

  • Question 142:

    What does 63.78.199.4(161) denote in the following Cisco router log?

    Mar 14 22:57:53.425 EST: %SEC-6-IPACCESSLOGP: list internet-inbound denied udp 66.56.16.77(1029) -> 63.78.199.4(161), 1 packet

    A. Destination IP address

    B. Source IP address

    C. Login IP address

    D. None of the above

  • Question 143:

    Company ABC has employed a firewall, IDS, Antivirus, Domain Controller, and SIEM. The company's domain controller goes down. From which system would you begin your investigation?

    A. Domain Controller

    B. Firewall

    C. SIEM

    D. IDS

  • Question 144:

    An executive has leaked the company's trade secrets through an external drive. Which process should the investigation team follow if they are able to retrieve his system?

    A. Postmortem Analysis

    B. Real-Time Analysis

    C. Packet Analysis

    D. Malware Analysis

  • Question 145:

    Which of the following files stores information about local Dropbox installation and account, email IDs linked with the account, current version/build for the local application, the host_id, and local path information?

    A. host.db

    B. sigstore.db

    C. config.db

    D. filecache.db

  • Question 146:

    Which of the following techniques can be used to beat steganography?

    A. Encryption

    B. Steganalysis

    C. Decryption

    D. Cryptanalysis

  • Question 147:

    Which of the following options will help users to enable or disable the last access time on a system running Windows 10 OS?

    A. wmic service

    B. Reg.exe

    C. fsutil

    D. Devcon

  • Question 148:

    Bob has encountered a system crash and has lost vital data stored on the hard drive of his Windows computer. He has no cloud storage or backup hard drives. He wants to recover all of that data, which includes his personal photos, music, documents, videos, official email, etc. Which of the following tools will serve Bob's purpose?

    A. Colasoft's Capsa

    B. Recuva

    C. Cain and Abel

    D. Xplico

  • Question 149:

    Watson, a forensic investigator, is examining a copy of an ISO file stored in CDFS format. What type of evidence is this?

    A. Data from a CD copied using Windows

    B. Data from a CD copied using a Mac-based system

    C. Data from a DVD copied using a Windows system

    D. Data from a CD copied using a Linux system

  • Question 150:

    You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at the sessions the machine has opened with other systems?

    A. Net sessions

    B. Net config

    C. Net share

    D. Net use
