Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1006 Q&As
  • Last Updated: Apr 12, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49V10 Questions & Answers

  • Question 221:

    Which Linux command, when executed, displays kernel ring buffers or information about device drivers loaded into the kernel?

    A. pgrep

    B. dmesg

    C. fsck

    D. grep

  • Question 222:

    Which among the following tools can help a forensic investigator to access the registry files during postmortem analysis?

    A. RegistryChangesView

    B. RegDllView

    C. RegRipper

    D. ProDiscover

  • Question 223:

    Consider that you are investigating a machine running a Windows OS released prior to Windows Vista. You are trying to gather information about the deleted files by examining the master database file named INFO2 located at C:\Recycler\\. You read an entry named "Dd5.exe". What does Dd5.exe mean?

    A. D drive, fifth file deleted, a .exe file

    B. D drive, fourth file restored, a .exe file

    C. D drive, fourth file deleted, a .exe file

    D. D drive, sixth file deleted, a .exe file

  • Question 224:

    Which of the following statements is TRUE about SQL Server error logs?

    A. SQL Server error logs record all the events that occurred on the SQL Server and its databases

    B. A forensic investigator uses SQL Server Profiler to view error log files

    C. Error logs contain the IP addresses of SQL Server client connections

    D. Trace files record user-defined events and specific system events

  • Question 225:

    Which of the following web browsers uses the Extensible Storage Engine (ESE) database format to store browsing records, including history, cache, and cookies?

    A. Safari

    B. Mozilla Firefox

    C. Microsoft Edge

    D. Google Chrome

  • Question 226:

    Which U.S. law sets the rules for sending emails for commercial purposes, establishes the minimum requirements for commercial messaging, gives the recipients of emails the right to ask the senders to stop emailing them, and spells out the penalties in case the above said rules are violated?

    A. NO-SPAM Act

    B. American: NAVSO P-5239-26 (RLL)

    C. CAN-SPAM Act

    D. American: DoD 5220.22-M

  • Question 227:

    An attacker successfully gained access to a remote Windows system and plans to install persistent backdoors on it. Before that, to avoid getting detected in future, he wants to cover his tracks by disabling the last-accessed timestamps of the machine. What would he do to achieve this?

    A. Set the registry value of HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate to 0

    B. Run the command fsutil behavior set disablelastaccess 0

    C. Set the registry value of HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate to 1

    D. Run the command fsutil behavior set enablelastaccess 0

  • Question 228:

    Which cloud model allows an investigator to acquire the instance of a virtual machine and initiate the forensics examination process?

    A. PaaS model

    B. IaaS model

    C. SaaS model

    D. SecaaS model

  • Question 229:

    Which of the following statements is TRUE with respect to the Registry settings in the user start-up folder HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\?

    A. All the values in this subkey run when a specific user logs on, as this setting is user-specific

    B. The string specified in the value run executes when the user logs on

    C. All the values in this key are executed at system start-up

    D. All values in this subkey run when a specific user logs on and then the values are deleted

  • Question 230:

    While collecting Active Transaction Logs using SQL Server Management Studio, the query Select * from ::fn_dblog(NULL, NULL) displays the active portion of the transaction log file. Here, assigning NULL values implies?

    A. Start and end points for log sequence numbers are specified

    B. Start and end points for log files are not specified

    C. Start and end points for log files are specified

    D. Start and end points for log sequence numbers are not specified
