1. Home
  2. EC-COUNCIL
  3. 312-49V9

EC-COUNCIL 312-49V9 Online Practice Questions and Exam Preparation

312-49V9 Exam Details

  • Exam Code
    :312-49V9
  • Exam Name
    :EC-Council Certified Computer Hacking Forensic Investigator (V9)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :486 Q&As
  • Last Updated
    :May 26, 2026

EC-COUNCIL 312-49V9 Online Questions & Answers

  • Question 311:

    You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firm's employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will. What do you do?

    A. Inform the owner that conducting an investigation without a policy is not a problem because the company is privately owned
    B. Inform the owner that conducting an investigation without a policy is a violation of the 4th amendment
    C. Inform the owner that conducting an investigation without a policy is a violation of the employees' expectation of privacy
    D. Inform the owner that conducting an investigation without a policy is not a problem because a policy is only necessary for government agencies

  • Question 312:

    The rule of thumb when shutting down a system is to pull the power plug. However, it has certain drawbacks. Which of the following would that be?

    A. Any data not yet flushed to the system will be lost
    B. All running processes will be lost
    C. The /tmp directory will be flushed
    D. Power interruption will corrupt the pagefile

  • Question 313:

    What is the smallest allocation unit of a hard disk?

    A. Cluster
    B. Spinning tracks
    C. Disk platters
    D. Slack space

  • Question 314:

    When examining the log files from a Windows IIS Web Server, how often is a new log file created?

    A. the same log is used at all times
    B. a new log file is created everyday
    C. a new log file is created each week
    D. a new log is created each time the Web Server is started

  • Question 315:

    You are a computer forensics investigator working with local police department and you are called to assist in an investigation of threatening emails. The complainant has printed out 27 email messages from the suspect and gives the printouts to you. You inform her that you will need to examine her computer because you need access to the _________________________ in order to track the emails back to the suspect.

    A. Routing Table
    B. Firewall log
    C. Configuration files
    D. Email Header

  • Question 316:

    A law enforcement officer may only search for and seize criminal evidence with _______________________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists and the evidence of the specific crime exists at the place to be searched.

    A. Mere Suspicion
    B. A preponderance of the evidence
    C. Probable cause
    D. Beyond a reasonable doubt

  • Question 317:

    Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search. link:www.ghttech.net What will this search produce?

    A. All search engines that link to .net domains
    B. All sites that link to ghttech.net
    C. Sites that contain the code: link:www.ghttech.net
    D. All sites that ghttech.net links to

  • Question 318:

    Which of the following is not correct when documenting an electronic crime scene?

    A. Document the physical scene, such as the position of the mouse and the location of components near the system
    B. Document related electronic components that are difficult to find
    C. Record the condition of the computer system, storage media, electronic devices and conventional evidence, including power status of the computer
    D. Write down the color of shirt and pant the suspect was wearing

  • Question 319:

    What TCP/UDP port does the toolkit program netstat use?

    A. Port 7
    B. Port 15
    C. Port 23
    D. Port 69

  • Question 320:

    Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:

    A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion \ProfileList
    B. HKEY_LOCAL_MACHlNE\SOFTWARE\Microsoft\Windows NT\CurrentVersion \NetworkList
    C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentsVersion \setup
    D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V9 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.