312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 291:

    Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activities. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?

    A. The manufacturer of the system compromised
    B. The logic, formatting and elegance of the code used in the attack
    C. The nature of the attack
    D. The vulnerability exploited in the incident

  • Question 292:

    During a malware forensic investigation, a newly added entry was identified in the Windows AutoStart registry keys after a malware execution on a compromised system. The entry indicates a VB script file named "CaoClboog.vbs" installed in the 'Run' key to achieve persistence and run automatically upon user login.

    As a Computer Hacking Forensic Investigator (CHFI), where would you expect to find this suspicious entry in the registry hive?

    A. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, Startup
    B. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    C. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    D. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, Common Startup

  • Question 293:

    E-mail logs contain which of the following information to help you in your investigation? (Choose four.)

    A. user account that was used to send the account
    B. attachments sent with the e-mail message
    C. unique message identifier
    D. contents of the e-mail message
    E. date and time the message was sent

  • Question 294:

    As a Computer Hacking Forensic Investigator, you are analyzing an intrusion incident in a corporate network. You discovered the traces of a fileless malware attack that utilized a memory exploit. The indicators suggest that the initial payload was delivered via a malicious Word document received through a phishing email.

    As part of the response and prevention plan, which among the following steps would be the most effective to disrupt the Infection Chain of the detected fileless malware?

    A. Disabling the use of all scripting languages, such as JavaScript, in the corporate environment
    B. Patching the vulnerabilities in Flash and Java plugins in all browsers within the corporate network
    C. Implementing a strict policy on macros embedded in Office documents across the organization
    D. Replacing the currently used traditional antivirus solution with the latest signature-based IDS

  • Question 295:

    Which rule requires an original recording to be provided to prove the content of a recording?

    A. 1004
    B. 1002
    C. 1003
    D. 1005

  • Question 296:

    As a part of the investigation, Caroline, a forensic expert, was assigned the task to examine the transaction logs pertaining to a database named Transfers. She used SQL Server Management Studio to collect the active transaction log files of the database. Caroline wants to extract detailed information on the logs, including AllocUnitId, page id, slot id, etc.

    Which of the following commands does she need to execute in order to extract the desired information?

    A. DBCC LOG(Transfers, 1)
    B. DBCC LOG(Transfers, 3)
    C. DBCC LOG(Transfers, 0)
    D. DBCC LOG(Transfers, 2)

  • Question 297:

    In a Linux-based system, what does the command "Last -F" display?

    A. Login and logout times and dates of the system
    B. Last run processes
    C. Last functions performed
    D. Recently opened files

  • Question 298:

    Harry has collected a suspicious executable file from an infected system and seeks to reverse its machine code to instructions written in assembly language. Which tool should he use for this purpose?

    A. HashCalc
    B. Ollydbg
    C. BinText
    D. oledump

  • Question 299:

    What feature of Windows is the following command trying to utilize?

    A. White space
    B. AFS
    C. ADS
    D. Slack file

  • Question 300:

    As part of an ongoing investigation, a CHFI is tasked with identifying and analyzing stealthy malware that has caused severe damage to a major corporation's systems. The malware has left minimal traces, demonstrating its sophisticated nature. It's also believed that the malware originated from the dark web.

    Based on the available information, what should be the investigator's priority in the malware forensic process?

    A. Immediately searching the dark web for similar malware signatures
    B. Creating a list of IoCs from other machines in the network to check for malware presence
    C. Setting up a controlled malware analysis lab to study the behavior of the malware
    D. Sending a copy of the malware to anti-virus companies for urgent signature development
