When examining a hard disk without a write-blocker, you should not start Windows because Windows will write data to the:
A. Recycle Bin
B. MSDOS.sys
C. BIOS
D. Case files
A. Snort
B. Airsnort
C. Ettercap
D. RaidSniff
Why would you need to find out the gateway of a device when investigating a wireless attack?
A. The gateway will be the IP of the proxy server used by the attacker to launch the attack
B. The gateway will be the IP of the attacker's computer
C. The gateway will be the IP used to manage the RADIUS server
D. The gateway will be the IP used to manage the access point
Software firewalls work at which layer of the OSI model?
A. Transport
B. Application
C. Data Link
D. Network
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as other members of your team collect it. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?
A. All forms should be placed in an approved secure container because they are now primary evidence in the case
B. The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file
C. All forms should be placed in the report file because they are now primary evidence in the case
D. The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container
When a router receives an update for its routing table, what is the metric value change to that path?
A. Increased by 2
B. Decreased by 1
C. Increased by 1
D. Decreased by 2
When an investigator contacts by telephone the domain administrator or controller listed by a whois lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?
A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)
Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?
A. The manufacturer of the system compromised
B. The logic, formatting and elegance of the code used in the attack
C. The nature of the attack
D. The vulnerability exploited in the incident
From the following spam mail header, identify the host IP that sent this spam?
From [email protected] [email protected] Tue Nov 27 17:27:11 2001
Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)
Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)
Message-Id: >[email protected]
From: "china hotel web"
To: "Shlam"
Subject: SHANGHAI (HILTON HOTEL) PACKAGE
Date: Tue, 27 Nov 2001 17:25:58 +0800
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Reply-To: "china hotel web"
A. 137.189.96.52
B. 8.12.1.0
C. 203.218.39.20
D. 203.218.39.50
Which response organization tracks hoaxes as well as viruses?
A. NIPC
B. FEDCIRC
C. CERT
D. CIAC