
Free ECCouncil 312-49v9 Practice Exam with Questions & Answers | Set: 10

Questions 136

A forensic examiner is examining a Windows system seized from a crime scene. During the examination of a suspect file, he discovered that the file is password protected. He tried guessing the password using the suspect’s available information but without any success. Which of the following tools can help the investigator to solve this issue?

Options:
A. Cain & Abel
B. Xplico
C. Recuva
D. Colasoft’s Capsa

Questions 137

Which component in the hard disk moves over the platter to read and write information?

Options:
A. Actuator
B. Spindle
C. Actuator Axis
D. Head

Questions 138

Which of the following network attacks refers to sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted so as to cause a denial-of-service attack?

Options:
A. Email spamming
B. Phishing
C. Email spoofing
D. Mail bombing

Questions 139

In which cloud crime do attackers try to compromise the security of the cloud environment in order to steal data or inject malware?

Options:
A. Cloud as an Object
B. Cloud as a Tool
C. Cloud as an Application
D. Cloud as a Subject

Questions 140

Shane, a forensic specialist, is investigating an ongoing attack on a MySQL database server hosted on a Windows machine with SID “WIN-ABCDE12345F.” Which of the following log files will help Shane in tracking all the client connections and activities performed on the database server?

Options:
A. WIN-ABCDE12345F.err
B. WIN-ABCDE12345F-bin.n
C. WIN-ABCDE12345F.pid
D. WIN-ABCDE12345F.log

Questions 141

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

Options:
A. All three servers need to be placed internally
B. A web server and the database server facing the Internet, an application server on the internal network
C. A web server facing the Internet, an application server on the internal network, a database server on the internal network
D. All three servers need to face the Internet so that they can communicate between themselves

Questions 142

Amber, a black hat hacker, has embedded malware into a small enticing advertisement and posted it on a popular ad-network that displays across various websites. What is she doing?

Options:
A. Malvertising
B. Compromising a legitimate site
C. Click-jacking
D. Spearphishing

Questions 143

After suspecting a change in the MS-Exchange Server storage archive, the investigator has analyzed it. Which of the following components is not an actual part of the archive?

Options:
A. PRIV.STM
B. PUB.EDB
C. PRIV.EDB
D. PUB.STM

Questions 144

Buffer overflow vulnerability of a web application occurs when it fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the _________. There are multiple forms of buffer overflow, including a Heap Buffer Overflow and a Format String Attack.

Options:
A. Adjacent memory locations
B. Adjacent bit blocks
C. Adjacent buffer locations
D. Adjacent string locations

Questions 145

Which of these rootkit detection techniques functions by comparing a snapshot of the file system, boot records, or memory with a known and trusted baseline?

Options:
A. Signature-Based Detection
B. Integrity-Based Detection
C. Cross View-Based Detection
D. Heuristic/Behavior-Based Detection

Questions 146

> NMAP -sn 192.168.11.200-215

The NMAP command above performs which of the following?

Options:
A. A trace sweep
B. A port scan
C. A ping scan
D. An operating system detect

Questions 147

Rusty, a computer forensics apprentice, uses the command nbtstat -c while analyzing the network information in a suspect system. What information is he looking for?

Options:
A. Contents of the network routing table
B. Status of the network carrier
C. Contents of the NetBIOS name cache
D. Network connections

Questions 148

In which registry does the system store the Microsoft security IDs?

Options:
A. HKEY_CLASSES_ROOT (HKCR)
B. HKEY_CURRENT_CONFIG (HKCC)
C. HKEY_CURRENT_USER (HKCU)
D. HKEY_LOCAL_MACHINE (HKLM)

Questions 149

What is the purpose of using Obfuscator in malware?

Options:
A. Execute malicious code in the system
B. Avoid encryption while passing through a VPN
C. Avoid detection by security mechanisms
D. Propagate malware to other connected devices

Questions 150

Which of the following information is displayed when Netstat is used with the -ano switch?

Options:
A. Ethernet statistics
B. Contents of IP routing table
C. Details of routing table
D. Details of TCP and UDP connections