312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 241:

    When installed on a Windows machine, which port does the Tor browser use to establish a network connection via Tor nodes?

    A. 49664/49665
    B. 49667/49668
    C. 9150/9151
    D. 7680

  • Question 242:

    An investigator enters the command sqlcmd -S WIN-CQQMK62867E -e -s"," -E as part of collecting the primary data file and logs from a database. What does the "WIN-CQQMK62867E" represent?

    A. Name of the Database
    B. Name of SQL Server
    C. Operating system of the system
    D. Network credentials of the database

  • Question 243:

    In a large software development company, an investigation is being conducted into an incident of source code theft. The initial investigation hints at an insider being responsible. The inquiry should validate the breach, pinpoint the method of its execution, and compile proof that can stand up in court.

    Considering the case details and the goal of the inquiry, which investigative approach would serve best?

    A. An administrative investigation limited to identifying policy or protocol violations
    B. A civil investigation focusing on mutual understanding between involved parties
    C. A criminal investigation, with the onus on law enforcement to prove guilt
    D. A mix of civil and criminal investigations, taking the strengths from both

  • Question 244:

    In a complex forensic investigation, a CHFI investigator has been given a 2 TB suspect drive from which they must acquire relevant data as quickly as possible. The investigator uses a verified and tested data acquisition tool to accomplish this task.

    Given that the suspect drive cannot be retained, and considering the mandatory requirements of the selected tool, which of the following steps is the most critical for the investigator to ensure a forensically sound acquisition?

    A. Prioritizing and acquiring only those data that are of evidentiary value
    B. Testing lossless compression by applying an MD5, SHA-2, or SHA-3 hash on a file before and after compression
    C. Using Microsoft disk compression tools like DriveSpace and DoubleSpace to exclude slack disk space between the files
    D. Compress files by using archiving tools like PKZip, WinZip, and WinRAR

  • Question 245:

    The investigative team at a private security firm is conducting a forensic examination of a complex cyberattack case. They need to follow the ACPO Principles of Digital Evidence during the investigation. However, one of the investigators is unsure of some of these principles.

    Which of the following statements correctly represents the ACPO principles?

    A. The audit trail of all processes applied to the digital evidence must be created and preserved, but a third-party examination is not necessary
    B. Any individual, regardless of their competence level, can access original data held on a computer if they can explain the relevance of their actions
    C. The person leading the investigation is responsible for ensuring the adherence to the law and these principles, regardless of the actions of their subordinates
    D. Any original data accessed for the investigation can be changed by any team member if deemed necessary

  • Question 246:

    Which password cracking technique uses every possible combination of character sets?

    A. Rainbow table attack
    B. Brute force attack
    C. Rule-based attack
    D. Dictionary attack

  • Question 247:

    Where are files temporarily written in Unix when printing?

    A. /usr/spool
    B. /var/print
    C. /spool
    D. /var/spool

  • Question 248:

    Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

    A. Windows computers will not respond to idle scans
    B. Linux/Unix computers are easier to compromise
    C. Windows computers are constantly talking
    D. Linux/Unix computers are constantly talking

  • Question 249:

    Jones had been trying to penetrate a remote production system for the past two weeks. This time, however, he is able to get into the system. He was able to use the system for a period of three weeks. However, law enforcement agencies were recording his every activity, and this was later presented as evidence. The organization had used a virtual environment to trap Jones. What is a virtual environment?

    A. A system using Trojaned commands
    B. A honeypot that traps hackers
    C. An environment set up after the user logs in
    D. An environment set up before a user logs in

  • Question 250:

    What will the following command accomplish? dd if=/dev/xxx of=mbr.backup bs=512 count=1

    A. Back up the master boot record
    B. Restore the master boot record
    C. Mount the master boot record on the first partition of the hard drive
    D. Restore the first 512 bytes of the first partition of the hard drive
