Network forensics allows investigators to inspect network traffic and logs to identify and locate the attack system.
Network forensics can reveal: (Select three answers)
A. Source of security incidents and network attacks
B. Path of the attack
C. Intrusion techniques used by attackers
D. Hardware configuration of the attacker's system
Smith, as part of his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data from the mobile device. Smith found that the SIM was protected by a Personal Identification Number (PIN) code, but he was also aware that people generally leave the PIN numbers at the defaults or use easily guessable numbers such as 1234. He unsuccessfully tried three PIN numbers, which blocked the SIM card. What can Jason do in this scenario to reset the PIN and access the SIM data?
A. He should contact the device manufacturer for a Temporary Unlock Code (TUK) to gain access to the SIM
B. He cannot access the SIM data in this scenario as the network operators or device manufacturers have no idea about a device PIN
C. He should again attempt PIN guesses after a time of 24 hours
D. He should ask the network operator for Personal Unlock Number (PUK) to gain access to the SIM
An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network to identify any possible violations of security policy, including unauthorized access, as well as misuse.
Which of the following intrusion detection systems audit events that occur on a specific host?
A. Network-based intrusion detection
B. Host-based intrusion detection
C. Log file monitoring
D. File integrity checking
Identify the attack from the following sequence of actions.
Step 1: A user logs in to a trusted site and creates a new session
Step 2: The trusted site stores a session identifier for the session in a cookie in the web browser
Step 3: The user is tricked into visiting a malicious site
Step 4: The malicious site sends a request from the user's browser using his session cookie
A. Web Application Denial-of-Service (DoS) Attack
B. Cross-Site Scripting (XSS) Attacks
C. Cross-Site Request Forgery (CSRF) Attack
D. Hidden Field Manipulation Attack
Which of the following is not a part of the technical specification of the laboratory-based imaging system?
A. High performance workstation PC
B. Remote preview and imaging pod
C. Anti-repudiation techniques
D. Very low image capture rate
Networks are vulnerable to an attack which occurs due to overextension of bandwidth, bottlenecks, network data interception, etc.
Which of the following network attacks refers to a process in which an attacker changes his or her IP address so that he or she appears to be someone else?
A. IP address spoofing
B. Man-in-the-middle attack
C. Denial of Service attack
D. Session sniffing
LBA (Logical Block Address) addresses data by allotting a ___________ to each sector of the hard disk.
A. Sequential number
B. Index number
C. Operating system number
D. Sector number
Email spoofing refers to:
A. The forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source
B. The criminal act of sending an illegitimate email, falsely claiming to be from a legitimate site in an attempt to acquire the user's personal or account information
C. Sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted to cause a denial-of-service attack
D. A sudden spike of "Reply All" messages on an email distribution list, caused by one misdirected message
Attackers can manipulate variables that reference files with "dot-dot-slash (../)" sequences and their variations such as http://www.juggyboy.com/GET/process.php./././././././././etc/passwd.
Identify the attack referred.
A. Directory traversal
B. SQL Injection
C. XSS attack
D. File injection
Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics.
Which of the following commands shows you the TCP and UDP network connections, listening ports, and the identifiers?
A. netstat -ano
B. netstat -b
C. netstat -r
D. netstat -s