1. Home
  2. EC-COUNCIL
  3. 312-49V10

EC-COUNCIL 312-49V10 Online Practice Questions and Exam Preparation

312-49V10 Exam Details

  • Exam Code
    :312-49V10
  • Exam Name
    :EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1028 Q&As
  • Last Updated
    :May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 81:

    Which Federal Rule of Evidence speaks about the Hearsay exception where the availability of the declarant is immaterial and certain characteristics of the declarant such as present sense impression, excited utterance, and recorded recollection are also observed while giving their testimony?

    A. Rule 801
    B. Rule 802
    C. Rule 803
    D. Rule 804

  • Question 82:

    A forensic analyst has been tasked with investigating unusual network activity inside a retail company's network. Employees complain of not being able to access services, frequent rebooting, and anomalies in log files. The investigator requested log files from the IT administrator and after carefully reviewing them, he finds the following log entry:

    What type of attack was performed on the companies' web application?

    A. Directory transversal
    B. Unvalidated input
    C. SQL injection
    D. Log tampering

  • Question 83:

    Which of the following Perl scripts will help an investigator to access the executable image of a process?

    A. Lspd.pl
    B. Lpsi.pl
    C. Lspm.pl
    D. Lspi.pl

  • Question 84:

    Which U.S. law does the interstate or international transportation and receiving of child pornography fall under?

    A. 18 U.S.C. 1466A
    B. 18 U.S.C. 2252
    C. 18 U.S.C. 146A
    D. 18 U.S.C. 252

  • Question 85:

    When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz format, what does the nnn denote?

    A. The year the evidence was taken
    B. The sequence number for the parts of the same exhibit
    C. The initials of the forensics analyst
    D. The sequential number of the exhibits seized

  • Question 86:

    What is cold boot (hard boot)?

    A. It is the process of starting a computer from a powered-down or off state
    B. It is the process of restarting a computer that is already turned on through the operating system
    C. It is the process of shutting down a computer from a powered-on or on state
    D. It is the process of restarting a computer that is already in sleep mode

  • Question 87:

    During an ongoing cybercrime investigation involving a significant amount of encrypted communication, a Computer Hacking Forensic Investigator (CHFI) believes the suspect's computer holds crucial evidence. However, there's a high chance that the suspect could destroy the evidence before obtaining a warrant.

    Which action is legally permissible in this circumstance according to the US courts?

    A. The investigator should wait for a warrant regardless of potential evidence destruction
    B. The investigator can seize the evidence without a warrant but must immediately seek a retroactive warrant
    C. The investigator can seize the evidence without a warrant if there's probable cause to believe that the computer holds evidence of the crime
    D. The investigator cannot seize the evidence without the suspect's consent, even if there's an imminent risk of evidence destruction

  • Question 88:

    Which of the following directory contains the binary files or executables required for system maintenance and administrative tasks on a Linux system?

    A. /lib
    B. /bin
    C. /usr
    D. /sbin

  • Question 89:

    A cybercriminal is attempting to remove evidence from a Windows computer. He deletes the file evidence1.doc, sending it to Windows Recycle Bin. The cybercriminal then empties the Recycle Bin. After having been removed from the Recycle Bin, what will happen to the data?

    A. The data will remain in its original clusters until it is overwritten
    B. The data will be overwritten with zeroes
    C. The data will be moved to new clusters in unallocated space
    D. The data will become corrupted, making it unrecoverable

  • Question 90:

    Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?

    A. the Microsoft Virtual Machine Identifier
    B. the Personal Application Protocol
    C. the Globally Unique ID
    D. the Individual ASCII String

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.