Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: Apr 19, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49 Questions & Answers

  • Question 251:

    Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows computer?

    A. The data is still present until the original location of the file is used

    B. The data is moved to the Restore directory and is kept there indefinitely

    C. The data will reside in the L2 cache on a Windows computer until it is manually deleted

    D. It is not possible to recover data that has been emptied from the Recycle Bin

  • Question 252:

    On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

    A. SAM

    B. AMS

    C. Shadow file

    D. Password.conf

  • Question 253:

    This type of testimony is presented by someone who does the actual fieldwork and does not offer a view in court.

    A. Civil litigation testimony

    B. Expert testimony

    C. Victim advocate testimony

    D. Technical testimony

  • Question 254:

    When investigating a wireless attack, what information can be obtained from the DHCP logs?

    A. The operating system of the attacker and victim computers

    B. IP traffic between the attacker and the victim

    C. MAC address of the attacker

    D. If any computers on the network are running in promiscuous mode

  • Question 255:

    A computer forensics investigator is inspecting the firewall logs for a large financial institution that has employees working 24 hours a day, 7 days a week.

    What can the investigator infer from the screenshot seen below?

    A. A smurf attack has been attempted

    B. A denial of service has been attempted

    C. Network intrusion has occurred

    D. Buffer overflow attempt on the firewall

  • Question 256:

    What will the following command accomplish in Linux? fdisk /dev/hda

    A. Partition the hard drive

    B. Format the hard drive

    C. Delete all files under the /dev/hda folder

    D. Fill the disk with zeros

  • Question 257:

    In the following email header, where did the email first originate from?

    A. Somedomain.com

    B. Smtp1.somedomain.com

    C. Simon1.state.ok.gov.us

    D. David1.state.ok.gov.us

  • Question 258:

    What type of analysis helps to identify the time and sequence of events in an investigation?

    A. Time-based

    B. Functional

    C. Relational

    D. Temporal

  • Question 259:

    Cylie is investigating a network breach at a state organization in Florida. She discovers that the intruders were able to gain access into the company firewalls by overloading them with IP packets. Cylie then discovers through her investigation that the intruders hacked into the company phone system and used the hard drives on their PBX system to store shared music files. What would this attack on the company PBX system be called?

    A. Phreaking

    B. Squatting

    C. Crunching

    D. Pretexting

  • Question 260:

    What encryption technology is used in Password Keeper on BlackBerry devices?

    A. 3DES

    B. AES

    C. Blowfish

    D. RC5
