312-49v10 Questions - Truly Beneficial For Your EC-COUNCIL Exam (Updated 706 Questions) [Q20-Q42]



The EC-COUNCIL 312-49v10 (Computer Hacking Forensic Investigator (CHFI-v10)) certification exam is a globally recognized certification for professionals who specialize in computer forensics. The Computer Hacking Forensic Investigator (CHFI-v10) certification exam is designed to test the skills and knowledge of professionals who conduct computer investigations, as well as those who are responsible for the security of computer systems.

 

NEW QUESTION # 20
You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?

  • A. 70 years
  • B. the life of the author plus 70 years
  • C. the life of the author
  • D. copyrights last forever

Answer: B


NEW QUESTION # 21
Which of the following ISO standards defines file systems and protocol for exchanging data between optical disks?

  • A. ISO 9060
  • B. ISO 9660
  • C. IEC 3490
  • D. ISO/IEC 13940

Answer: B


NEW QUESTION # 22
What happens when a file is deleted by a Microsoft operating system using the FAT file system?

  • A. the file is erased but can be recovered
  • B. a copy of the file is stored and the original file is erased
  • C. the file is erased and cannot be recovered
  • D. only the reference to the file is removed from the FAT

Answer: D


NEW QUESTION # 23
To check for POP3 traffic using Ethereal, what port should an investigator search by?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C


NEW QUESTION # 24
Which one of the following is not a first response procedure?

  • A. Crack passwords
  • B. Take photos
  • C. Fill forms
  • D. Preserve volatile data

Answer: A


NEW QUESTION # 25
What will the following command accomplish in Linux?
fdisk /dev/hda

  • A. Fill the disk with zeros
  • B. Delete all files under the /dev/hda folder
  • C. Partition the hard drive
  • D. Format the hard drive

Answer: C


NEW QUESTION # 26
Harold is a computer forensics investigator working for a consulting firm out of Atlanta, Georgia. Harold is called upon to help with a corporate espionage case in Miami, Florida. Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities. He finds that two suspects in the company were stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material. What type of steganography did these two suspects use?

  • A. Grill cipher
  • B. Text semagram
  • C. Visual cipher
  • D. Visual semagram

Answer: D


NEW QUESTION # 27
Which of the following tools will allow a forensic investigator to acquire the memory dump of a suspect machine so that it may be investigated on a forensic workstation to collect evidentiary data like processes and Tor browser artifacts?

  • A. Hex Editor
  • B. Bulk Extractor
  • C. Belkasoft Live RAM Capturer and AccessData FTK imager
  • D. DB Browser SQLite

Answer: C


NEW QUESTION # 28
You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years.
You navigate to archive.org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal: What have you found?

  • A. CGI code
  • B. Blind bug
  • C. Trojan.downloader
  • D. Web bug

Answer: D


NEW QUESTION # 29
Select the tool appropriate for finding the dynamically linked lists of an application or malware.

  • A. SysAnalyzer
  • B. ResourcesExtract
  • C. PEiD
  • D. Dependency Walker

Answer: D


NEW QUESTION # 30
Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads it to VirusTotal in order to confirm whether the file is malicious, provide information about its functionality, and provide information that will allow producing simple network signatures. What type of malware analysis was performed here?

  • A. Dynamic
  • B. Hybrid
  • C. Volatile
  • D. Static

Answer: A


NEW QUESTION # 31
Bob has encountered a system crash and has lost vital data stored on the hard drive of his Windows computer. He has no cloud storage or backup hard drives. He wants to recover all the data, which includes his personal photos, music, documents, videos, official emails, etc. Which of the following tools shall resolve Bob's purpose?

  • A. Colasoft's Capsa
  • B. Recuva
  • C. Cain & Abel
  • D. Xplico

Answer: B


NEW QUESTION # 32
Debbie has obtained a warrant to search a known pedophile's house. Debbie went to the house and executed the search warrant to seize digital devices that have been recorded as being used for downloading illicit images. She seized all digital devices except a digital camera. Why did she not collect the digital camera?

  • A. The digital camera was old, had a cracked screen, and did not have batteries. Therefore, it could not have been used in a crime.
  • B. The vehicle Debbie was using to transport the evidence was already full and could not carry more items
  • C. Debbie overlooked the digital camera because it is not a computer system
  • D. The digital camera was not listed as one of the digital devices in the warrant

Answer: D


NEW QUESTION # 33
An International Mobile Equipment Identifier (IMEI) is a 15-digit number that indicates the manufacturer, model type, and country of approval for GSM devices. The first eight digits of an IMEI number, which provide information about the model and origin of the mobile device, are also known as:

  • A. Manufacturer Identification Code (MIC)
  • B. Integrated Circuit Code (ICC)
  • C. Type Allocation Code (TAC)
  • D. Device Origin Code (DOC)

Answer: C


NEW QUESTION # 34
Tasklist command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following tasklist commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?

  • A. tasklist /v
  • B. tasklist /s
  • C. tasklist /u
  • D. tasklist /p

Answer: A


NEW QUESTION # 35
What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

  • A. NTLDR
  • B. LSASS.EXE
  • C. NTDETECT.COM
  • D. NTOSKRNL.EXE

Answer: D


NEW QUESTION # 36
Ronald, a forensic investigator, has been hired by a financial services organization to investigate an attack on their MySQL database server, which is hosted on a Windows machine named WIN-DTRAI83202X. Ronald wants to retrieve information on the changes that have been made to the database. Which of the following files should Ronald examine for this task?

  • A. WIN-DTRAI83202X-bin.nnnnnn
  • B. WIN-DTRAI83202Xslow.log
  • C. WIN-DTRAI83202Xrelay-bin.index
  • D. relay-log.info

Answer: B


NEW QUESTION # 37
Donald made an OS disk snapshot of a compromised Azure VM under a resource group being used by the affected company as part of the forensic analysis process. He then created a VHD file out of the snapshot and stored it in a file share and as a page blob as backup in a storage account in a different region. What is the next thing he should do as a security measure?

  • A. Delete the OS disk of the affected VM altogether
  • B. Create another VM by using the snapshot
  • C. Delete the snapshot from the source resource group
  • D. Recommend changing the access policies followed by the company

Answer: A


NEW QUESTION # 38
To preserve digital evidence, an investigator should ____________________.

  • A. Only store the original evidence item
  • B. Make a single copy of each evidence item using an approved imaging tool
  • C. Make two copies of each evidence item using a single imaging tool
  • D. Make two copies of each evidence item using different imaging tools

Answer: D


NEW QUESTION # 39
Which of the following is a MAC-based File Recovery Tool?

  • A. Cisdem DataRecovery 3
  • B. VirtualLab
  • C. Smart Undeleter
  • D. GetDataBack

Answer: A


NEW QUESTION # 40
Why should you never power on a computer that you need to acquire digital evidence from?

  • A. When the computer boots up, the system cache is cleared which could destroy evidence
  • B. Powering on a computer has no effect when needing to acquire digital evidence from it
  • C. When the computer boots up, data in the memory buffer is cleared which could destroy evidence
  • D. When the computer boots up, files are written to the computer rendering the data unclean

Answer: D


NEW QUESTION # 41
Cybercriminals sometimes use compromised computers to commit other crimes, which may involve using computers or networks to spread malware or illegal information. Which type of cybercrime stops users from using a device or network, or prevents a company from providing a software service to its customers?

  • A. Ransomware attack
  • B. Malware attack
  • C. Denial-of-Service (DoS) attack
  • D. Phishing

Answer: C


NEW QUESTION # 42
......
