1. Home
  2. EC-COUNCIL
  3. 312-49V10

EC-COUNCIL 312-49V10 Online Practice Questions and Exam Preparation

312-49V10 Exam Details

  • Exam Code
    :312-49V10
  • Exam Name
    :EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1028 Q&As
  • Last Updated
    :May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 841:

    In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you assistance with your investigation.

    What assistance can the ISP provide?

    A. The ISP can investigate anyone using their service and can provide you with assistance
    B. The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant
    C. The ISP cannot conduct any type of investigations on anyone and therefore cannot assist you
    D. ISPs never maintain log files so they would be of no use to your investigation

  • Question 842:

    Computer forensics report provides detailed information on complete computer forensics investigation process. It should explain how the incident occurred, provide technical details of the incident and should be clear to understand. Which of the following attributes of a forensics report can render it inadmissible in a court of law?

    A. It includes metadata about the incident
    B. It includes relevant extracts referred to In the report that support analysis or conclusions
    C. It is based on logical assumptions about the incident timeline
    D. It maintains a single document style throughout the text

  • Question 843:

    What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 server the course of its lifetime?

    A. forensic duplication of hard drive
    B. analysis of volatile data
    C. comparison of MD5 checksums
    D. review of SIDs in the Registry

  • Question 844:

    How many sectors will a 125 KB file use in a FAT32 file system?

    A. 32
    B. 16
    C. 256
    D. 25

  • Question 845:

    Sally accessed the computer system that holds trade secrets of the company where she is employed. She knows she accessed it without authorization and all access (authorized and unauthorized) to this computer is monitored. To cover her tracks, Sally deleted the log entries on this computer.

    What among the following best describes her action?

    A. Password sniffing
    B. Brute-force attack
    C. Anti-forensics
    D. Network intrusion

  • Question 846:

    In a computer forensics investigation, an investigator is dealing with a system that has been recently shut down. The data they need is of a non- volatile nature. Which type of data acquisition methodology should the investigator adopt in this scenario and why?

    A. The investigator should not perform any data acquisition as the system is already powered off
    B. The investigator should use either live or dead data acquisition as both methods can collect non-volatile data from the system
    C. The investigator should use live data acquisition since it is intended to capture dynamic data from the computer's memory, caches, and registries
    D. The investigator should use dead data acquisition because it is designed to collect unaltered data from storage devices such as hard drives and USB thumb drives

  • Question 847:

    Which of the following commands shows you all of the network services running on Windows-based servers?

    A. Netstart
    B. Net Session
    C. Net use
    D. Net config

  • Question 848:

    What is the goal of forensic science?

    A. To determine the evidential value of the crime scene and related evidence
    B. Mitigate the effects of the information security breach
    C. Save the good will of the investigating organization
    D. It is a disciple to deal with the legal processes

  • Question 849:

    Which principle states that "anyone or anything, entering a crime scene takes something of the scene with them, and leaves something of themselves behind when they leave"?

    A. Locard's Exchange Principle
    B. Enterprise Theory of Investigation
    C. Locard's Evidence Principle
    D. Evidence Theory of Investigation

  • Question 850:

    Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?

    A. Point-to-point
    B. End-to-end
    C. Thorough
    D. Complete event analysis

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.