1. Home
  2. EC-COUNCIL
  3. 312-49V9

EC-Council Certified Computer Hacking Forensic Investigator (V9)

Exam Details

  • Exam Code
    :312-49V9
  • Exam Name
    :EC-Council Certified Computer Hacking Forensic Investigator (V9)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :531 Q&As
  • Last Updated
    :Apr 14, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49V9 Questions & Answers

  • Question 51:

    Steven has been given the task of designing a computer forensics lab for the company he works for. He has found documentation on all aspects of how to design a lab except the number of exits needed. How many exits should Steven include in his design for the computer forensics lab?

    A. Three

    B. One

    C. Two

    D. Four

  • Question 52:

    What will the following command accomplish in Linux? fdisk /dev/hda

    A. Partition the hard drive

    B. Format the hard drive

    C. Delete all files under the /dev/hda folder

    D. Fill the disk with zeros

  • Question 53:

    You should make at least how many bit-stream copies of a suspect drive?

    A. 1

    B. 2

    C. 3

    D. 4

  • Question 54:

    What should you do when approached by a reporter about a case that you are working on or have worked on?

    A. Refer the reporter to the attorney that retained you

    B. Say, o comment?Say, ?o comment

    C. Answer all the reporter questions as completely as possibleAnswer all the reporter? questions as completely as possible

    D. Answer only the questions that help your case

  • Question 55:

    If you plan to startup a suspect's computer, you must modify the ___________ to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.

    A. deltree command

    B. CMOS

    C. Boot.sys

    D. Scandisk utility

    E. boot.ini

  • Question 56:

    An Expert witness gives an opinion if:

    A. The Opinion, inferences or conclusions depend on special knowledge, skill or training not within the ordinary experience of lay jurors

    B. To define the issues of the case for determination by the finder of fact

    C. To stimulate discussion between the consulting expert and the expert witness

    D. To deter the witness form expanding the scope of his or her investigation beyond the requirements of the case

  • Question 57:

    A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker . Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt.

    (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.) 03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111 TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF ***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 23678634 2878772 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=

    03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111 UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84 Len: 64

    01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ................

    00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ................

    00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 ................

    00 00 00 11 00 00 00 00 ........

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=

    03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773

    UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104

    Len: 1084

    47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8 G..c............

    00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 20 ...............

    3A B1 5E E5 00 00 00 09 6C 6F 63 61 6C 68 6F 73 :.^.....localhost

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=+=+

    03/15-20:21:36.539731 211.185.125.124:4450 -> 172.16.1.108:39168

    TCP TTL:43 TOS:0x0 ID:31660 IpLen:20 DgmLen:71 DF

    ***AP*** Seq: 0x9C6D2BFF Ack: 0x59606333 Win: 0x7D78 TcpLen: 32

    TCP Options (3) => NOP NOP TS: 23679878 2880015

    63 64 20 2F 3B 20 75 6E 61 6D 65 20 2D 61 3B 20 cd /; uname -a;

    69 64 3B id;

    A. The attacker has conducted a network sweep on port 111

    B. The attacker has scanned and exploited the system using Buffer Overflow

    C. The attacker has used a Trojan on port 32773

    D. The attacker has installed a backdoor

  • Question 58:

    After passing her CEH exam, Carol wants to ensure that her network is completely secure. She

    implements a DMZ, statefull firewall, NAT, IPSEC, and a packet filtering firewall. Since all security

    measures were taken, none of the hosts on her network can reach the Internet.

    Why is that?

    A. IPSEC does not work with packet filtering firewalls

    B. Statefull firewalls do not work with packet filtering firewalls

    C. NAT does not work with IPSEC

    D. NAT does not work with statefull firewalls

  • Question 59:

    Where is the startup configuration located on a router?

    A. Static RAM

    B. BootROM

    C. NVRAM

    D. Dynamic RAM

  • Question 60:

    What feature of Windows is the following command trying to utilize?

    A. White space

    B. AFS

    C. ADS

    D. Slack file

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V9 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.