312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 761:

    The police believe that Melvin Matthew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers and Educational Institutions. They also suspect that he has been stealing, copying and misappropriating proprietary computer software belonging to the several victim companies.

    What is preventing the police from breaking down the suspect's door and searching his home and seizing all of his computer equipment if they have not yet obtained a warrant?

    A. The USA Patriot Act
    B. The Good Samaritan Laws
    C. The Federal Rules of Evidence
    D. The Fourth Amendment

  • Question 762:

    Which of the following file systems is used by Mac OS X?

    A. EFS
    B. HFS+
    C. EXT2
    D. NFS

  • Question 763:

    In what circumstances would you conduct searches without a warrant?

    A. When destruction of evidence is imminent, a warrantless seizure of that evidence is justified if there is probable cause to believe that the item seized constitutes evidence of criminal activity
    B. Agents may search a place or object without a warrant if they suspect the crime was committed
    C. A search warrant is not required if the crime involves Denial-Of-Service attack over the Internet
    D. Law enforcement agencies located in California under section SB 567 are authorized to seize computers without warrant under all circumstances

  • Question 764:

    Smith, as a part of his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data from the mobile device. Smith found that the SIM was protected by a Personal Identification Number (PIN) code, but he was also aware that people generally leave the PIN numbers at the defaults or use easily guessable numbers such as 1234. He unsuccessfully tried three PIN numbers, which blocked the SIM card.

    What can Jason do in this scenario to reset the PIN and access SIM data?

    A. He should contact the device manufacturer for a Temporary Unlock Code (TUK) to gain access to the SIM
    B. He cannot access the SIM data in this scenario as the network operators or device manufacturers have no idea about a device PIN
    C. He should again attempt PIN guesses after a time of 24 hours
    D. He should ask the network operator for Personal Unlock Number (PUK) to gain access to the SIM

  • Question 765:

    Which of the following commands shows you the NetBIOS name table?

    A. nbtstat -n
    B. nbtstat -c
    C. nbtstat -r
    D. nbtstat -s

  • Question 766:

    During an investigation, a forensics analyst discovers an unusual increase in outbound network traffic, network traffic traversing on non-standard ports, and multiple failed login attempts on a host system. The analyst also found that certain programs were using these unusual ports, appearing to be legitimate.

    If these are the primary Indicators of Compromise, what should be the next immediate step in the investigation to contain the intrusion effectively?

    A. Enforcing stringent password policies and re-authenticating all users to prevent further login anomalies
    B. Examining the logs for repeated requests for the same file, indicating a possible exploit attempt
    C. Analyzing Uniform Resource Locators for any signs of phishing or spamming activities
    D. Conducting a deep dive into user-agent strings to determine if there is any spoofing of device OS and browser information

  • Question 767:

    In a suspected cyberattack scenario, a seasoned Computer Hacking Forensics Investigator (CHFI) comes across evidence that the attacker used cloud infrastructure to host attack toolkits and launch the attack. What should be the investigator's primary approach to unravel the tracks covered by the attacker and retrieve evidence?

    A. Recover and analyze the residual data left on the cloud servers after the attacker destroyed the infrastructure
    B. Review the access logs for all cloud infrastructure services used during the attack period
    C. Launch a counterattack on the suspected IP addresses linked with the cloud infrastructure
    D. Contact the cloud service provider and request the deletion of data for the suspected period

  • Question 768:

    How do you define forensic computing?

    A. It is the science of capturing, processing, and investigating data security incidents and making it acceptable to a court of law.
    B. It is a methodology of guidelines that deals with the process of cyber investigation
    C. It is a preliminary and mandatory course necessary to pursue and understand fundamental principles of ethical hacking
    D. It is the administrative and legal proceeding in the process of forensic investigation

  • Question 769:

    A company is investigating an issue with one of their Windows servers that fails to boot up. The IT forensics team is called upon to determine the cause of the issue. According to the standard Windows Boot Process (BIOS-MBR method), what is the likely issue if the system fails right after the BIOS completes the power-on self-test (POST) and before the master boot record (MBR) is loaded?

    A. Failure in loading the OS kernel ntoskrnl.exe
    B. The system boot disk is not detected
    C. Failure of the Boot Configuration Data (BCD)
    D. Failure of the Bootmgr.exe

  • Question 770:

    Which is a standard procedure to perform during all computer forensics investigations?

    A. With the hard drive removed from the suspect PC, check the date and time in the system's CMOS
    B. With the hard drive in the suspect PC, check the date and time in the system's CMOS
    C. With the hard drive in the suspect PC, check the date and time in the File Allocation Table
    D. With the hard drive removed from the suspect PC, check the date and time in the system's RAM
