312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 631:

    Windows Security Accounts Manager (SAM) is a registry file which stores passwords in a hashed format. The SAM file in Windows is located at:

    A. C:\windows\system32\config\SAM
    B. C:\windows\system32\con\SAM
    C. C:\windows\system32\Boot\SAM
    D. C:\windows\system32\drivers\SAM

  • Question 632:

    Travis, a computer forensics investigator, is finishing up a case he has been working on for over a month involving copyright infringement and embezzlement. His last task is to prepare an investigative report for the president of the company he has been working for. Travis must submit a hard copy and an electronic copy to this president.

    In what electronic format should Travis send this report?

    A. TIFF-8
    B. DOC
    C. WPD
    D. PDF

  • Question 633:

    During a forensic investigation, a large number of files were collected. The investigator needs to evaluate ownership and accountability of those files. Therefore, he begins to identify attributes such as "author name," "organization name," "network name," or any additional supporting data that is meant for the owner's identification purpose.

    Which term describes these attributes?

    A. Metadata
    B. Metabase
    C. Data index
    D. Data header

  • Question 634:

    Why is it important to consider health and safety factors in the work carried out at all stages of the forensic process conducted by the forensic analysts?

    A. This is to protect the staff and preserve any fingerprints that may need to be recovered at a later date
    B. All forensic teams should wear protective latex gloves which makes them look professional and cool
    C. Local law enforcement agencies compel them to wear latest gloves
    D. It is a part of ANSI 346 forensics standard

  • Question 635:

    In a recent cyber-attack, a malicious driver was installed on a Windows system. The investigator in charge is now tasked with analyzing the system behavior to identify and verify the authenticity of the suspicious device driver. Which of the following approaches should the investigator use to complete this task efficiently?

    A. Use Tripwire Enterprise to monitor servers, desktops, directory servers, hypervisors, databases, middleware applications, and network devices
    B. Use DriverView utility to list all device drivers currently loaded on the system and check their details such as load address, description, version, product name, and the company that created the driver
    C. Use the FCIV utility to generate and verify hash values of files using MD5 or SHA-1 algorithms
    D. Utilize PA File Sight to track who is deleting, moving, or reading files; detect users copying files; and optionally block access

  • Question 636:

    The rule of thumb when shutting down a system is to pull the power plug. However, it has certain drawbacks. Which of the following would that be?

    A. Any data not yet flushed to the system will be lost
    B. All running processes will be lost
    C. The /tmp directory will be flushed
    D. Power interruption will corrupt the pagefile

  • Question 637:

    After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?

    A. IPSEC does not work with packet filtering firewalls
    B. Stateful firewalls do not work with packet filtering firewalls
    C. NAT does not work with IPSEC
    D. NAT does not work with stateful firewalls

  • Question 638:

    Which of the following attacks refers to the unintentional download of malicious software via the Internet?

    Here, an attacker exploits flaws in browser software to install malware merely by the user visiting the malicious website.

    A. Drive-by downloads
    B. Phishing
    C. Internet relay chats
    D. Malvertising

  • Question 639:

    All BlackBerry email is eventually sent and received through what proprietary RIM-operated mechanism?

    A. BlackBerry Message Center
    B. Microsoft Exchange
    C. BlackBerry WAP gateway
    D. BlackBerry WEP gateway

  • Question 640:

    On an NTFS file system, which of the following tools can a forensic investigator use to identify timestomping of evidence files?

    A. Exiv2
    B. analyzeMFT
    C. Timestomp
    D. wbStego
