1. Home
  2. EC-COUNCIL
  3. 312-49V10

EC-COUNCIL 312-49V10 Online Practice Questions and Exam Preparation

312-49V10 Exam Details

  • Exam Code
    :312-49V10
  • Exam Name
    :EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1028 Q&As
  • Last Updated
    :May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 501:

    Which of the following is not a part of disk imaging tool requirements?

    A. The tool should not change the original content
    B. The tool should log I/O errors in an accessible and readable form, including the type and location of the error
    C. The tool must have the ability to be held up to scientific and peer review
    D. The tool should not compute a hash value for the complete bit stream copy generated from an image file of the source

  • Question 502:

    Which among the following search warrants allows the first responder to search and seize the victim's computer components such as hardware, software, storage devices, and documentation?

    A. John Doe Search Warrant
    B. Citizen Informant Search Warrant
    C. Electronic Storage Device Search Warrant
    D. Service Provider Search Warrant

  • Question 503:

    In which implementation of RAID will the image of a Hardware RAID volume be different from the image taken separately from the disks?

    A. RAID 1
    B. The images will always be identical because data is mirrored for redundancy
    C. RAID 0
    D. It will always be different

  • Question 504:

    When investigating a computer forensics case where Microsoft Exchange and Blackberry Enterprise server are used, where would investigator need to search to find email sent from a Blackberry device?

    A. RIM Messaging center
    B. Blackberry Enterprise server
    C. Microsoft Exchange server
    D. Blackberry desktop redirector

  • Question 505:

    To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providing tools and creating procedures for testing and validating computer forensics software ?

    A. Computer Forensics Tools and Validation Committee (CFTVC)
    B. Association of Computer Forensics Software Manufactures (ACFSM)
    C. National Institute of Standards and Technology (NIST)
    D. Society for Valid Forensics Tools and Testing (SVFTT)

  • Question 506:

    You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when trying to trace the source of the message?

    A. The X509 Address
    B. The SMTP reply Address
    C. The E-mail Header
    D. The Host Domain Name

  • Question 507:

    An experienced forensic investigator, Chris, is tasked with preparing a testbed for malware analysis. Given the complexity of the malware samples, which are mostly compatible with Windows binary executables, Chris must take meticulous precautions to ensure the integrity of the lab environment.

    Which of the following procedures would Chris NOT be likely to follow in preparing the testbed for malware analysis?

    A. Installing a guest OS such as Ubuntu in virtual machines will serve as forensic workstations
    B. Enabling shared folders and guest isolation allows easy data transfer between host and guest operating systems
    C. Using tools such as INetSim to simulate internet services while ensuring that the NIC card is in "host only" mode
    D. Creating a snapshot of the virtual machine state prior to malware analysis for easy reversion in case of accidental system corruption

  • Question 508:

    The given image displays information about date and time of installation of the OS along with service packs, patches, and sub-directories. What command or tool did the investigator use to view this output?

    A. dir /o:d
    B. dir /o:s
    C. dir /o:e
    D. dir /o:n

  • Question 509:

    What is stored in the following directory? HKLM\SECURITY\Policy\Secrets

    A. IAS account names and passwords
    B. Service account passwords in plain text
    C. Local store PKI Kerberos certificates
    D. Cached password hashes for the past 20 users

  • Question 510:

    Robert is a regional manager working in a reputed organization. One day, he suspected malware attack after unwanted programs started to popup after logging into his computer. The network administrator was called upon to trace out any intrusion on the computer and he/she finds that suspicious activity has taken place within Autostart locations.

    In this situation, which of the following tools is used by the network administrator to detect any intrusion on a system?

    A. Hex Editor
    B. Internet Evidence Finder
    C. Process Monitor
    D. Report Viewer

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.