312-49 ECCouncil Computer Hacking Forensic Investigator exact Exam Questions

Computer Hacking Forensic Investigator

Last Update 1 day ago Total Questions : 531

The Computer Hacking Forensic Investigator content is now fully updated, with all current exam questions added 1 day ago. Deciding to include 312-49 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our 312-49 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these 312-49 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Computer Hacking Forensic Investigator practice test comfortably within the allotted time.

Question # 31

When investigating a Windows System, it is important to view the contents of the page or swap file because:

Windows stores all of the systems configuration information in this file

This is file that windows use to communicate directly with Registry

A Large volume of data can exist within the swap file of which the computer user has no knowledge

This is the file that windows use to store the history of the last 100 commands that were run from the command line

Question # 32

Which is a standard procedure to perform during all computer forensics investigations?

with the hard drive removed from the suspect PC, check the date and time in the system ' s CMOS

with the hard drive in the suspect PC, check the date and time in the File Allocation Table

with the hard drive removed from the suspect PC, check the date and time in the system ' s RAM

with the hard drive in the suspect PC, check the date and time in the system ' s CMOS

Question # 33

One way to identify the presence of hidden partitions on a suspect ' s hard drive is to:

Add up the total size of all known partitions and compare it to the total size of the hard drive

Examine the FAT and identify hidden partitions by noting an H in the partition Type field

Examine the LILO and note an H in the partition Type field

It is not possible to have hidden partitions on a hard drive

Question # 34

Madison is on trial for allegedly breaking into her university’s internal network. The police raided her dorm room and seized all of her computer equipment. Madison’s lawyer is trying to convince the judge that the seizure was unfounded and baseless. Under which US Amendment is Madison’s lawyer trying to prove the police violated?

The 4 th Amendment

The 1 st Amendment

The 10 th Amendment

The 5 th Amendment

Question # 35

Which of the following file contains the traces of the applications installed, run, or uninstalled from a system?

Shortcut Files

Virtual files

Prefetch Files

Image Files

Question # 36

An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are ______________ media used to store large amounts of data and are not affected by the magnet.

logical

anti-magnetic

magnetic

optical

Question # 37

How many sectors will a 125 KB file use in a FAT32 file system?

256

Question # 38

Which file is a sequence of bytes organized into blocks understandable by the system’s linker?

executable file

source file

Object file

None of these

Question # 39

When a router receives an update for its routing table, what is the metric value change to that path?

Increased by 2

Decreased by 1

Increased by 1

Decreased by 2

Question # 40

Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows computer?

The data is still present until the original location of the file is used

The data is moved to the Restore directory and is kept there indefinitely

The data will reside in the L2 cache on a Windows computer until it is manually deleted

It is not possible to recover data that has been emptied from the Recycle Bin

Question # 41

What type of attack sends SYN requests to a target system with spoofed IP addresses?

SYN flood

Ping of death

Cross site scripting

Land

Question # 42

You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data.

What method would be most efficient for you to acquire digital evidence from this network?

create a compressed copy of the file with DoubleSpace

create a sparse data copy of a folder or file

make a bit-stream disk-to-image file

make a bit-stream disk-to-disk file

Question # 43

How many times can data be written to a DVD+R disk?

Twice

Once

Zero

Infinite

Question # 44

When obtaining a warrant, it is important to:

particularlydescribe the place to be searched and particularly describe the items to be seized

generallydescribe the place to be searched and particularly describe the items to be seized

generallydescribe the place to be searched and generally describe the items to be seized

particularlydescribe the place to be searched and generally describe the items to be seized

Question # 45

If you discover a criminal act while investigating a corporate policy abuse, it becomes a publicsector investigation and should be referred to law enforcement?

true

false