312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 211:

    For the purpose of preserving the evidentiary chain of custody, which of the following labels is not appropriate?

    A. SSN of the person collecting the evidence
    B. Exact location the evidence was collected from
    C. Relevant circumstances surrounding the collection
    D. General description of the evidence

  • Question 212:

    Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file?

    A. Net config
    B. Net file
    C. Net share
    D. Net sessions

  • Question 213:

    A cybersecurity investigator is analyzing a suspected dark web transaction involving illegal activities. However, the investigator struggles to find conclusive data due to Tor's onion routing and encryption. What is a specific feature of the Tor network that might help explain why the original source of this transaction is hard to trace?

    A. Tor relay nodes are not publicly available, thereby preventing data origin identification
    B. The exit relay of the Tor network is perceived to be the origin of the data by the destination server
    C. The Tor network uses the hidden service protocol, allowing users to host websites anonymously
    D. The Tor network only includes the entry/guard relay, hence making the data origin untraceable

  • Question 214:

    In Microsoft file structures, sectors are grouped together to form:

    A. Clusters
    B. Drives
    C. Bitstreams
    D. Partitions

  • Question 215:

    After suspecting a change in MS-Exchange Server storage archive, the investigator has analyzed it. Which of the following components is not an actual part of the archive?

    A. PRIV.STM
    B. PUB.EDB
    C. PRIV.EDB
    D. PUB.STM

  • Question 216:

    A forensic investigator is analyzing a Windows 10 machine that has unexpectedly crashed several times in the past week. The investigator needs to determine whether these crashes are due to an internal error or caused by a remote attacker who exploited a bug in the operating system. The investigator has crash dump files and access to various tools.

    What should be the investigator's most immediate action?

    A. Utilize Redline to perform Indicators of Compromise (IOC) analysis and construct a timeline of potential cyber incidents
    B. Analyze the crash dump files using DumpChk to examine the system crash's cause and identify any errors in the applications or the operating system
    C. Apply Handle.exe to see the object types and names of all the handles of the crashed programs
    D. Use the Process Dumper tool to dump the entire process space and analyze the contents in the RAM dump file

  • Question 217:

    Which U.S. law sets the rules for sending emails for commercial purposes, establishes the minimum requirements for commercial messaging, gives the recipients of emails the right to ask the senders to stop emailing them, and spells out the penalties in case the above said rules are violated?

    A. NO-SPAM Act
    B. American: NAVSO P-5239-26 (RLL)
    C. CAN-SPAM Act
    D. American: DoD 5220.22-M

  • Question 218:

    Which of the following is a tool to reset Windows admin password?

    A. R-Studio
    B. Windows Password Recovery Bootdisk
    C. Windows Data Recovery Software
    D. TestDisk for Windows

  • Question 219:

    Jacky encrypts her documents using a password. It is known that she uses her daughter's year of birth as part of the password. Which password cracking technique would be optimal to crack her password?

    A. Rule-based attack
    B. Brute force attack
    C. Syllable attack
    D. Hybrid attack

  • Question 220:

    Fill in the missing Master Boot Record component.

    1. Master boot code

    2. Partition table

    3. ____________

    A. Signature word
    B. Volume boot record
    C. Boot loader
    D. Disk signature
