312-49V10 Exam Details

  • Exam Code
    :312-49V10
  • Exam Name
    :EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1028 Q&As
  • Last Updated
    :Jul 11, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 31:

    An Expert witness gives an opinion if:

    A. The Opinion, inferences or conclusions depend on special knowledge, skill or training not within the ordinary experience of lay jurors
    B. To define the issues of the case for determination by the finder of fact
    C. To stimulate discussion between the consulting expert and the expert witness
    D. To deter the witness form expanding the scope of his or her investigation beyond the requirements of the case

  • Question 32:

    Which command can provide the investigators with details of all the loaded modules on a Linux-based system?

    A. list modules -a
    B. lsmod
    C. plist mod -a
    D. lsof -m

  • Question 33:

    A CHFI professional is investigating a data breach in a Windows 10 system. The initial analysis revealed some alterations in the system event logs. As part of the investigation, the professional uses the `wevtutil' command-line tool. The command `wevtutil gl Security' was executed, but the results seemed abnormal.

    Which of the following could be a plausible reason for this outcome?

    A. The command `wevtutil gl Security' does not exist in the `wevtutil' command set
    B. The `wevtutil' command cannot retrieve data from XML-based EVTX file format
    C. The Event Log service was temporarily unresponsive or down
    D. The EVTX file storing the Security log was corrupted or tampered with

  • Question 34:

    Chong-lee, a forensics executive, suspects that a malware is continuously making copies of files and folders on a victim system to consume the available disk space. What type of test would confirm his claim?

    A. File fingerprinting
    B. Identifying file obfuscation
    C. Static analysis
    D. Dynamic analysis

  • Question 35:

    Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

    A. Use a system that has a dynamic addressing on the network
    B. Use a system that is not directly interacing with the router
    C. Use it on a system in an external DMZ in front of the firewall
    D. It doesn't matter as all replies are faked

  • Question 36:

    A sophisticated cyber-attack has targeted an organization, and the forensic team is called upon for incident response. Their assets are largelyhosted on AWS, particularly using S3 and EC2 instances. As a forensic investigator, your first step to retaining valuable evidence in the EC2 instances is:

    A. Retrieve and analyze log data from the affected EC2 instances
    B. Encrypt all the data present in the EC2 instances to avoid further unauthorized access
    C. Immediately isolate the affected EC2 instances from the network to avoid data corruption
    D. Create a snapshot of the EBS volume in the affected EC2 instance and share it with the forensic team for analysis

  • Question 37:

    A Computer Hacking Forensic Investigator (CHFI) is conducting an analysis of malware obtained from a Darknet source. The CHFI is preparing torun the malware in a controlled environment and plans to record the malware's behavior for further investigation.

    Based on the available supporting tools, which combination would best suit the CHFI's needs in this scenario?

    A. Virtual Box for virtualization, QualNet for network simulation, and Camtasia for screen capture and recording
    B. Parallels Desktop 16 for virtualization, ns-3 for network simulation, and Ezvid for screen capture and recording
    C. VMware vSphere Hypervisor for virtualization, Riverbed Modeler for network simulation, and Genie Backup Manager Pro for OS backup and imaging
    D. Virtual Box for virtualization, NetSim for network simulation, and Snagit for screen capture and recording

  • Question 38:

    In which step of the computer forensics investigation methodology would you run MD5 checksum on the evidence?

    A. Obtain search warrant
    B. Evaluate and secure the scene
    C. Collect the evidence
    D. Acquire the data

  • Question 39:

    Buffer overflow vulnerability of a web application occurs when it fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the_________. There are multiple forms of buffer overflow, including a Heap Buffer Overflow and a Format String Attack.

    A. Adjacent memory locations
    B. Adjacent bit blocks
    C. Adjacent buffer locations
    D. Adjacent string locations

  • Question 40:

    A forensic investigator discovers an Android smartwatch at the crime scene during an investigation. The investigator realizes the smartwatch was potentially involved in the crime, but the device associated with it was not found at the scene. What is the most suitable initial step for the investigator to retrieve meaningful data from the smartwatch?

    A. The investigator should first physically dismantle the smartwatch to access its internal storage
    B. The investigator should immediately turn off the smartwatch to prevent data manipulation
    C. The investigator should start by understanding the smartwatch's basic framework, including its APIs
    D. The investigator should directly analyze data stored on the smartwatch using IoT forensics tools

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.