1. Home
  2. EC-COUNCIL
  3. 312-49V10

EC-Council Certified Computer Hacking Forensic Investigator (V10)

Exam Details

  • Exam Code
    :312-49V10
  • Exam Name
    :EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1006 Q&As
  • Last Updated
    :Apr 12, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49V10 Questions & Answers

  • Question 321:

    What should you do when approached by a reporter about a case that you are working on or have worked on?

    A. Refer the reporter to the attorney that retained you

    B. Say, o comment?Say, ?o comment

    C. Answer all the reporter questions as completely as possibleAnswer all the reporter? questions as completely as possible

    D. Answer only the questions that help your case

  • Question 322:

    If you plan to startup a suspect's computer, you must modify the ___________ to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.

    A. deltree command

    B. CMOS

    C. Boot.sys

    D. Scandisk utility

    E. boot.ini

  • Question 323:

    An Expert witness gives an opinion if:

    A. The Opinion, inferences or conclusions depend on special knowledge, skill or training not within the ordinary experience of lay jurors

    B. To define the issues of the case for determination by the finder of fact

    C. To stimulate discussion between the consulting expert and the expert witness

    D. To deter the witness form expanding the scope of his or her investigation beyond the requirements of the case

  • Question 324:

    After passing her CEH exam, Carol wants to ensure that her network is completely secure. She

    implements a DMZ, statefull firewall, NAT, IPSEC, and a packet filtering firewall. Since all security

    measures were taken, none of the hosts on her network can reach the Internet.

    Why is that?

    A. IPSEC does not work with packet filtering firewalls

    B. Statefull firewalls do not work with packet filtering firewalls

    C. NAT does not work with IPSEC

    D. NAT does not work with statefull firewalls

  • Question 325:

    A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker . Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt.

    (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.) 03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111 TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF ***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 23678634 2878772 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=

    03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111 UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84 Len: 64

    01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ................

    00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ................

    00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 ................

    00 00 00 11 00 00 00 00 ........

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=

    03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773

    UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104

    Len: 1084

    47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8 G..c............

    00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 20 ...............

    3A B1 5E E5 00 00 00 09 6C 6F 63 61 6C 68 6F 73 :.^.....localhost

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=+=+

    03/15-20:21:36.539731 211.185.125.124:4450 -> 172.16.1.108:39168

    TCP TTL:43 TOS:0x0 ID:31660 IpLen:20 DgmLen:71 DF

    ***AP*** Seq: 0x9C6D2BFF Ack: 0x59606333 Win: 0x7D78 TcpLen: 32

    TCP Options (3) => NOP NOP TS: 23679878 2880015

    63 64 20 2F 3B 20 75 6E 61 6D 65 20 2D 61 3B 20 cd /; uname -a;

    69 64 3B id;

    A. The attacker has conducted a network sweep on port 111

    B. The attacker has scanned and exploited the system using Buffer Overflow

    C. The attacker has used a Trojan on port 32773

    D. The attacker has installed a backdoor

  • Question 326:

    What feature of Windows is the following command trying to utilize?

    A. White space

    B. AFS

    C. ADS

    D. Slack file

  • Question 327:

    Where is the startup configuration located on a router?

    A. Static RAM

    B. BootROM

    C. NVRAM

    D. Dynamic RAM

  • Question 328:

    What information do you need to recover when searching a victim computer for a crime committed with specific e-mail message?What information do you need to recover when searching a victim? computer for a crime committed with specific e-mail message?

    A. Internet service provider information

    B. E-mail header

    C. Username and password

    D. Firewall log

  • Question 329:

    The ____________________ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.

    A. Locard Exchange Principle

    B. Clark Standard

    C. Kelly Policy

    D. Silver-Platter Doctrine

  • Question 330:

    Study the log given below and answer the following question: Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169 Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482 Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53 Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21 Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53 Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111 Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80 Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53 Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53 Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0) Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)

    Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080

    Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

    Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

    A. Disallow UDP 53 in from outside to DNS server

    B. Allow UDP 53 in from DNS server to outside

    C. Disallow TCP 53 in from secondaries or ISP server to DNS server

    D. Block all UDP traffic

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.