312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 641:

    Which of the following Windows-based tools displays who is logged on to a computer, either locally or remotely?

    A. Tokenmon
    B. PSLoggedon
    C. TCPView
    D. Process Monitor

  • Question 642:

    A forensic investigator has collected a compromised Amazon Echo Dot and a smartphone from a crime scene. The Alexa app on the smartphone is synced with the Echo Dot. To begin investigating these devices, the investigator needs to obtain certain artifacts.

    In this scenario, which of the following sequence of steps should the investigator follow to acquire the necessary artifacts for a client-based analysis?

    A. Retrieve database files using the adb pull command -> Generate an image of the firmware -> Parse database files -> Conduct data analysis
    B. Parse database files -> Retrieve database files using the adb pull command -> Generate an image of the firmware -> Conduct data analysis
    C. Generate an image of the firmware -> Retrieve database files using the adb pull command -> Parse database files -> Conduct data analysis
    D. Retrieve database files using the adb pull command -> Parse database files -> Generate an image of the firmware -> Conduct data analysis

  • Question 643:

    In Linux, different log files hold different information, which helps investigators analyze various issues during a security incident. What information can investigators obtain from the log file /var/log/dmesg?

    A. Kernel ring buffer information
    B. All mail server message logs
    C. Global system messages
    D. Debugging log messages

  • Question 644:

    You have been given the task to investigate web attacks on a Windows-based server.

    Which of the following commands will you use to look at which sessions the machine has opened with other systems?

    A. Net sessions
    B. Net use
    C. Net config
    D. Net share

  • Question 645:

    Pick the statement that does not belong to Rule 804, Hearsay Exceptions; Declarant Unavailable.

    A. Statement of personal or family history
    B. Prior statement by witness
    C. Statement against interest
    D. Statement under belief of impending death

  • Question 646:

    What is the investigator trying to view by issuing the command displayed in the following screenshot?

    A. List of services stopped
    B. List of services closed recently
    C. List of services recently started
    D. List of services installed

  • Question 647:

    While analyzing a hard disk, the investigator finds that the file system does not use a UEFI-based interface. Which of the following operating systems is present on the hard disk?

    A. Windows 10
    B. Windows 8
    C. Windows 7
    D. Windows 8.1

  • Question 648:

    A security analyst identifies an influx of network traffic from an IoT HVAC system in a multinational corporation. The corporation is concerned about a possible HVAC attack. What should the security analyst prioritize to mitigate this potential threat?

    A. Investigate a possible BlueBorne attack on the IoT devices
    B. Inspect the IoT HVAC system for backdoor access
    C. Validate the IoT HVAC system for a potential DDoS attack
    D. Check for signs of a Rolling Code attack on the IoT HVAC system

  • Question 649:

    A Computer Hacking Forensic Investigator (CHFI) arrives at the crime scene in an incident involving cybercrime. While performing the initial search of the scene, the investigator spots a GPS device, a keyboard, and a telephone line connected to a caller ID box.

    Considering the steps involved in searching for evidence, which of the following actions should the investigator perform first?

    A. Secure the keyboard to protect any potential fingerprints
    B. Initiate the search and seizure evidence log to document details of the identified devices
    C. Record observations about the current situation at the scene
    D. Survey the GPS device to explore potential sources of digital information

  • Question 650:

    Which one of the following is not a first response procedure?

    A. Preserve volatile data
    B. Fill forms
    C. Crack passwords
    D. Take photos
