1. Home
  2. EC-COUNCIL
  3. 312-49V9

EC-COUNCIL 312-49V9 Online Practice Questions and Exam Preparation

312-49V9 Exam Details

  • Exam Code
    :312-49V9
  • Exam Name
    :EC-Council Certified Computer Hacking Forensic Investigator (V9)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :486 Q&As
  • Last Updated
    :May 26, 2026

EC-COUNCIL 312-49V9 Online Questions & Answers

  • Question 261:

    If you come across a sheepdip machine at your client site, what would you infer?

    A. A sheepdip coordinates several honeypots
    B. A sheepdip computer is another name for a honeypot
    C. A sheepdip computer is used only for virus-checking.
    D. A sheepdip computer defers a denial of service attack

  • Question 262:

    You are working for a local police department that services a population of 1,000,000 people and you have been given the task of building a computer forensics lab. How many law-enforcement computer investigators should you request to staff the lab?

    A. 8
    B. 1
    C. 4
    D. 2

  • Question 263:

    What is the first step that needs to be carried out to crack the password?

    A. A word list is created using a dictionary generator program or dictionaries
    B. The list of dictionary words is hashed or encrypted
    C. The hashed wordlist is compared against the target hashed password, generally one word at a time
    D. If it matches, that password has been cracked and the password cracker displays the unencrypted version of the password

  • Question 264:

    John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?

    A. Firewalk sets all packets with a TTL of one
    B. Firewalk sets all packets with a TTL of zero
    C. Firewalk cannot pass through Cisco firewalls
    D. Firewalk cannot be detected by network sniffers

  • Question 265:

    Microsoft Outlook maintains email messages in a proprietary format in what type of file?

    A. .email
    B. .mail
    C. .pst
    D. .doc

  • Question 266:

    When operating systems mark a cluster as used but not allocated, the cluster is considered as _________

    A. Corrupt
    B. Bad
    C. Lost
    D. Unallocated

  • Question 267:

    Which is not a part of environmental conditions of a forensics lab?

    A. Large dimensions of the room
    B. Good cooling system to overcome excess heat generated by the work station
    C. Allocation of workstations as per the room dimensions
    D. Open windows facing the public road

  • Question 268:

    When a system is compromised, attackers often try to disable auditing, in Windows 7; modifications to the audit policy are recorded as entries of Event ID____________.

    A. 4902
    B. 3902
    C. 4904
    D. 3904

  • Question 269:

    Smith, as a part his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data the mobile device. Smith found that the SIM was protected by a Personal identification Number (PIN) code but he was also aware that people generally leave the PIN numbers to the defaults or use easily guessable numbers such as 1234. He unsuccessfully tried three PIN numbers that blocked the SIM card. What Jason can do in this scenario to reset the PIN and access SIM data?

    A. He should contact the device manufacturer for a Temporary Unlock Code (TUK) to gain access to the SIM
    B. He cannot access the SIM data in this scenario as the network operators or device manufacturers have no idea about a device PIN
    C. He should again attempt PIN guesses after a time of 24 hours
    D. He should ask the network operator for Personal Unlock Number (PUK) to gain access to the SIM

  • Question 270:

    WPA2 provides enterprise and Wi-Fi users with stronger data protection and network access control which of the following encryption algorithm is used DVWPA2?

    A. RC4-CCMP
    B. RC4-TKIP
    C. AES-CCMP
    D. AES-TKIP

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V9 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.