Computer Hacking Forensic Investigator

Last Update 1 day ago Total Questions : 531

The Computer Hacking Forensic Investigator content is now fully updated, with all current exam questions added 1 day ago. Deciding to include 312-49 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our 312-49 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these 312-49 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Computer Hacking Forensic Investigator practice test comfortably within the allotted time.

Question # 91

Which of the following setups should a tester choose to analyze malware behavior?

A.

A virtual system with internet connection

B.

A normal system without internet connection

C.

A normal system with internet connection

D.

A virtual system with network simulation for internet connection

Question # 92

Casey has acquired data from a hard disk in an open source acquisition format that allows her to generate compressed or uncompressed image files. What format did she use?

A.

Portable Document Format

B.

Advanced Forensics Format (AFF)

C.

Proprietary Format

D.

Raw Format

Question # 93

Who is responsible for the following tasks?

    Secure the scene and ensure that it is maintained in a secure state until the Forensic Team advises

    Make notes about the scene that will eventually be handed over to the Forensic Team

A.

Non-forensics staff

B.

Lawyers

C.

System administrators

D.

Local managers or other non-forensic staff

Question # 94

On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

A.

SAM

B.

AMS

C.

Shadow file

D.

Password.conf

Question # 95

What is the size value of a nibble?

A.

0.5 kilobyte

B.

0.5 bit

C.

0.5 byte

D.

2 bits

Question # 96

What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?

A.

rootkit

B.

key escrow

C.

steganography

D.

Offset

Question # 97

The following is a log file screenshot from a default installation of IIS 6.0.

What time standard is used by IIS as seen in the screenshot?

A.

UTC

B.

GMT

C.

TAI

D.

UT

Question # 98

A law enforcement officer may only search for and seize criminal evidence with _______________________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists and the evidence of the specific crime exists at the place to be searched.

A.

Mere Suspicion

B.

A preponderance of the evidence

C.

Probable cause

D.

Beyond a reasonable doubt

Question # 99

Which of the following does not describe the type of data density on a hard disk?

A.

Volume density

B.

Track density

C.

Linear or recording density

D.

Areal density

Question # 100

Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?

A.

Cross Examination

B.

Direct Examination

C.

Indirect Examination

D.

Witness Examination

Question # 101

Hackers can gain access to the Windows Registry and manipulate user passwords, DNS settings, access rights or other features that they may need in order to accomplish their objectives. One simple method for loading an application at startup is to add an entry (Key) to the following Registry Hive:

A.

HKEY_LOCAL_MACHINE\hardware\windows\start

B.

HKEY_LOCAL_USERS\Software\Microsoft\old\Version\Load

C.

HKEY_CURRENT_USER\Microsoft\Default

D.

HKEY_LOCAL_MACHINE\Software\Microsoft\CurrentVersion\Run

Question # 102

Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish?

dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror,sync

A.

Fill the disk with zeros

B.

Low-level format

C.

Fill the disk with 4096 zeros

D.

Copy files from the master disk to the slave disk on the secondary IDE controller

Question # 103

Which of the following techniques delete the files permanently?

A.

Steganography

B.

Artifact Wiping

C.

Data Hiding

D.

Trail obfuscation

Question # 104

Graphics Interchange Format (GIF) is a ____ RGB bitmap image format for images with up to 256 distinct colors per frame.

A.

8-bit

B.

32-bit

C.

16-bit

D.

24-bit

Question # 105

Why would you need to find out the gateway of a device when investigating a wireless attack?

A.

The gateway will be the IP of the proxy server used by the attacker to launch the attack

B.

The gateway will be the IP of the attacker computer

C.

The gateway will be the IP used to manage the RADIUS server

D.

The gateway will be the IP used to manage the access point
