312-49v10 ECCouncil Computer Hacking Forensic Investigator (CHFI-v10) Free Practice Exam Questions (2025 Updated)

Prepare effectively for your ECCouncil 312-49v10 Computer Hacking Forensic Investigator (CHFI-v10) certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 3 / 8
Total 704 questions

What value of the "Boot Record Signature" is used to indicate that the boot-loader exists?

A. AA55

B. 00AA

C. AA00

D. A100

In a computer that has Dropbox client installed, which of the following files related to the Dropbox client store information about local Dropbox installation and the Dropbox user account, along with email IDs linked with the account?

A. config.db

B. install.db

C. sigstore.db

D. filecache.db

Which of the following commands shows you the username and IP address used to access the system via a remote login session and the type of client from which they are accessing the system?

A. Net config

B. Net sessions

C. Net share

D. Net stat

An investigator is analyzing a checkpoint firewall log and comes across symbols. What type of log is he looking at?

A. Security event was monitored but not stopped

B. Malicious URL detected

C. An email marked as potential spam

D. Connection rejected

Which of the following statements is true regarding SMTP Server?

A. SMTP Server breaks the recipient’s address into Recipient’s name and his/her designation before passing it to the DNS Server

B. SMTP Server breaks the recipient’s address into Recipient’s name and recipient’s address before passing it to the DNS Server

C. SMTP Server breaks the recipient’s address into Recipient’s name and domain name before passing it to the DNS Server

D. SMTP Server breaks the recipient’s address into Recipient’s name and his/her initial before passing it to the DNS Server

What is cold boot (hard boot)?

A. It is the process of restarting a computer that is already in sleep mode

B. It is the process of shutting down a computer from a powered-on or on state

C. It is the process of restarting a computer that is already turned on through the operating system

D. It is the process of starting a computer from a powered-down or off state

Which part of the Metasploit framework helps users to hide the data related to a previously deleted file or currently unused by the allocated file?

A. Waffen FS

B. RuneFS

C. FragFS

D. Slacker

Consider that you are investigating a machine running a Windows OS released prior to Windows Vista. You are trying to gather information about the deleted files by examining the master database file named INFO2 located at C:\Recycler\\. You read an entry named "Dd5.exe". What does Dd5.exe mean?

A. D drive, fifth file deleted, a .exe file

B. D drive, fourth file restored, a .exe file

C. D drive, fourth file deleted, a .exe file

D. D drive, sixth file deleted, a .exe file

Which of the following statements is incorrect when preserving digital evidence?

A. Verify if the monitor is on, off, or in sleep mode

B. Turn on the computer and extract Windows event viewer log files

C. Remove the plug from the power router or modem

D. Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals

What must an attorney do first before you are called to testify as an expert?

A. Qualify you as an expert witness

B. Read your curriculum vitae to the jury

C. Engage in damage control

D. Prove that the tools you used to conduct your examination are perfect

In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?

A. Chosen-message attack

B. Known-cover attack

C. Known-message attack

D. Known-stego attack

Shane, a forensic specialist, is investigating an ongoing attack on a MySQL database server hosted on a Windows machine with SID “WIN-ABCDE12345F.” Which of the following log files will help Shane in tracking all the client connections and activities performed on the database server?

A. WIN-ABCDE12345F.err

B. WIN-ABCDE12345F-bin.n

C. WIN-ABCDE12345F.pid

D. WIN-ABCDE12345F.log

James is dealing with a case regarding a cybercrime that has taken place in Arizona, USA. James needs to lawfully seize the evidence from an electronic device without affecting the user's anonymity. Which of the following laws should he comply with before retrieving the evidence?

A. First Amendment of the U.S. Constitution

B. Fourth Amendment of the U.S. Constitution

C. Third Amendment of the U.S. Constitution

D. Fifth Amendment of the U.S. Constitution

Which of the following does Microsoft Exchange E-mail Server use for collaboration of various e-mail applications?

A. Simple Mail Transfer Protocol (SMTP)

B. Messaging Application Programming Interface (MAPI)

C. Internet Message Access Protocol (IMAP)

D. Post Office Protocol version 3 (POP3)

What do you call the process in which an attacker uses a magnetic field over the digital media device to delete any previously stored data?

A. Disk deletion

B. Disk cleaning

C. Disk degaussing

D. Disk magnetization

Which of the following network attacks refers to sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted so as to cause a denial-of-service attack?

A. Email spamming

B. Phishing

C. Email spoofing

D. Mail bombing

Which of the following Android libraries are used to render 2D (SGL) or 3D (OpenGL/ES) graphics content to the screen?

A. OpenGL/ES and SGL

B. Surface Manager

C. Media framework

D. WebKit

To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?

A. if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit

B. if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit

C. if (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

Identify the term that refers to individuals who, by virtue of their knowledge and expertise, express an independent opinion on a matter related to a case based on the information that is provided.

A. Expert Witness

B. Evidence Examiner

C. Forensic Examiner

D. Defense Witness

Which of the following statements is TRUE about SQL Server error logs?

A. SQL Server error logs record all the events that occurred on the SQL Server and its databases

B. Forensic investigator uses SQL Server Profiler to view error log files

C. Error logs contain IP address of SQL Server client connections

D. Trace files record user-defined events and specific system events

Which of the following tools is used to locate IP addresses?

A. SmartWhois

B. Deep Log Analyzer

C. Towelroot

D. XRY LOGICAL

Which of the following tools is not a data acquisition hardware tool?

A. UltraKit

B. Atola Insight Forensic

C. F-Response Imager

D. Triage-Responder

Robert, a cloud architect, received a huge bill from the cloud service provider, which usually doesn't happen. After analyzing the bill, he found that the cloud resource consumption was very high. He then examined the cloud server and discovered that a malicious code was running on the server, which was generating huge but harmless traffic from the server. This means that the server has been compromised by an attacker with the sole intention to hurt the cloud customer financially. Which attack is described in the above scenario?

A. XSS Attack

B. DDoS Attack (Distributed Denial of Service)

C. Man-in-the-cloud Attack

D. EDoS Attack (Economic Denial of Service)

Chong-lee, a forensics executive, suspects that a malware is continuously making copies of files and folders on a victim system to consume the available disk space. What type of test would confirm his claim?

A. File fingerprinting

B. Identifying file obfuscation

C. Static analysis

D. Dynamic analysis

What is the location of a Protective MBR in a GPT disk layout?

A. Logical Block Address (LBA) 2

B. Logical Block Address (LBA) 0

C. Logical Block Address (LBA) 1

D. Logical Block Address (LBA) 3

Smith is an IT technician that has been appointed to his company's network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should do to create the network vulnerability assessment plan?

A. Their first step is to make a hypothesis of what their final findings will be.

B. Their first step is to create an initial Executive report to show the management team.

C. Their first step is to analyze the data they have currently gathered from the company or interviews.

D. Their first step is the acquisition of required documents, reviewing of security policies and compliance.

Which of the following ISO standards defines file systems and protocol for exchanging data between optical disks?

A. ISO 9660

B. ISO/IEC 13940

C. ISO 9060

D. IEC 3490

What is the purpose of using Obfuscator in malware?

A. Execute malicious code in the system

B. Avoid encryption while passing through a VPN

C. Avoid detection by security mechanisms

D. Propagate malware to other connected devices

You are working as an independent computer forensics investigator and received a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a “simple backup copy” of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a “simple backup copy” will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?

A. Robust copy

B. Incremental backup copy

C. Bit-stream copy

D. Full backup copy

An International Mobile Equipment Identifier (IMEI) is a 15-digit number that indicates the manufacturer, model type, and country of approval for GSM devices. The first eight digits of an IMEI number, which provide information about the model and origin of the mobile device, are also known as:

A. Type Allocation Code (TAC)

B. Integrated Circuit Code (ICC)

C. Manufacturer Identification Code (MIC)

D. Device Origin Code (DOC)

Copyright © 2014-2025 Solution2Pass. All Rights Reserved