EC-Council 312-49v10 Exam (page: 18)
EC-Council Computer Hacking Forensic Investigator
Updated on: 09-Feb-2026

Viewing Page 18 of 138

An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employee's computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that the employee was in possession of the proprietary information?

  1. EFS uses a 128-bit key that can't be cracked, so you will not be able to recover the information
  2. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information.
  3. The EFS Revoked Key Agent can be used on the Computer to recover the information
  4. When the Encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information.

Answer(s): B



When examining a hard disk without a write-blocker, you should not start Windows because Windows will write data to the:

  1. Recycle Bin
  2. MSDOS.sys
  3. BIOS
  4. Case files

Answer(s): A



You are called in to assist the police in an investigation involving a suspected drug dealer. The suspect's house was searched by the police after a warrant was obtained and they located a floppy disk in the suspect's bedroom. The disk contains several files, but they appear to be password protected.
What are two common methods used by password cracking software that you can use to obtain the password?

  1. Limited force and library attack
  2. Brute Force and dictionary Attack
  3. Maximum force and thesaurus Attack
  4. Minimum force and appendix Attack

Answer(s): B



When reviewing web logs, you see an entry for resource not found in the HTTP status code field.
What is the actual error code that you would see in the log for resource not found?

  1. 202
  2. 404
  3. 505
  4. 909

Answer(s): B



Volatile Memory is one of the leading problems for forensics. Worms such as Code Red are memory resident and do write themselves to the hard drive; if you turn the system off, they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?

  1. Use VMware to be able to capture the data in memory and examine it
  2. Give the Operating System a minimal amount of memory, forcing it to use a swap file
  3. Create a Separate partition of several hundred megabytes and place the swap file there
  4. Use intrusion forensic techniques to study memory resident infections

Answer(s): D






Share your comments for EC-Council 312-49v10 exam with other users:

Emmah 7/29/2023 9:59:00 AM

are these valid chfi questions
KENYA


Christopher 9/5/2022 10:54:00 PM

The new version of this exam which I downloaded has all the latest questions from the exam. I only saw 3 new questions in the exam which were not in this dump.
CANADA


Aloke Paul 9/11/2023 6:53:00 AM

is this valid for chfiv9 as well... as i am reker 3rd time...
CHINA