312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 331:

    Which of the following is a list of recently used programs or opened files?

    A. Most Recently Used (MRU)
    B. Recently Used Programs (RUP)
    C. Master File Table (MFT)
    D. GUID Partition Table (GPT)

  • Question 332:

    From the following spam mail header, identify the host IP that sent this spam.

    From [email protected] [email protected] Tue Nov 27 17:27:11 2001
    Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)
    Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)
    Message-Id: >200111270926. [email protected]
    From: "china hotel web"
    To: "Shlam"
    Subject: SHANGHAI (HILTON HOTEL) PACKAGE
    Date: Tue, 27 Nov 2001 17:25:58 +0800
    MIME-Version: 1.0
    X-Priority: 3
    X-MSMail-Priority: Normal
    Reply-To: "china hotel web"

    A. 137.189.96.52
    B. 8.12.1.0
    C. 203.218.39.20
    D. 203.218.39.50

  • Question 333:

    Which "Standards and Criteria" under SWDGE states that "the agency must use hardware and software that are appropriate and effective for the seizure or examination procedure"?

    A. Standards and Criteria 1.4
    B. Standards and Criteria 1.5
    C. Standards and Criteria 1.6
    D. Standards and Criteria 1.7

  • Question 334:

    Malware analysis can be conducted in various ways. An investigator gathers a suspicious executable file and uploads it to VirusTotal in order to confirm whether the file is malicious, obtain information about its functionality, and obtain information that will allow simple network signatures to be produced.

    What type of malware analysis was performed here?

    A. Hybrid
    B. Static
    C. Volatile
    D. Dynamic

  • Question 335:

    Checkpoint Firewall logs can be viewed through a Check Point Log viewer that uses icons and colors in the log table to represent different security events and their severity. What does the icon in the checkpoint logs represent?

    A. The firewall rejected a connection
    B. A virus was detected in an email
    C. The firewall dropped a connection
    D. An email was marked as potential spam

  • Question 336:

    You are working for a local police department that services a population of 1,000,000 people and you have been given the task of building a computer forensics lab. How many law-enforcement computer investigators should you request to staff the lab?

    A. 8
    B. 1
    C. 4
    D. 2

  • Question 337:

    Which of the following statements pertaining to First Response is true?

    A. First Response is neither a part of pre-investigation phase nor a part of investigation phase. It only involves attending to a crime scene first and taking measures that assist forensic investigators in executing their tasks in the investigation phase more efficiently
    B. First Response is a part of the post-investigation phase
    C. First Response is a part of the investigation phase
    D. First Response is a part of the pre-investigation phase

  • Question 338:

    A major financial institution recently observed an unusually high number of failed login attempts on a critical server. The security analyst uses Splunk Enterprise Security (ES) to investigate the logs and suspects a possible brute-force attack. After examining the Windows Event Viewer logs, the analyst detects a series of event ID 4625 (failed logins) and event ID 4624 (successful logins).

    Which of the following SIEM features would be MOST beneficial for the analyst to accurately pinpoint the source of the potential attack and investigate it further?

    A. Risk-based alerting functionality of Splunk ES
    B. Advanced analytics capabilities of Splunk ES for detection and investigation
    C. Real-time threat detection capability of IBM QRadar SIEM
    D. Centralized insight provided by IBM QRadar SIEM across on-premises, SaaS, and IaaS environments

  • Question 339:

    What layer of the OSI model do TCP and UDP utilize?

    A. Data Link
    B. Network
    C. Transport
    D. Session

  • Question 340:

    A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention.

    Why would this not be recommended?

    A. Searching for evidence themselves would not have any ill effects
    B. Searching could possibly crash the machine or device
    C. Searching creates cache files, which would hinder the investigation
    D. Searching can change date/time stamps
