Free ECCouncil 312-49v9 Practice Exam with Questions & Answers | Set: 8

Questions 106

Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish?

dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror,sync

Options:
A.

Fill the disk with zeros

B.

Low-level format

C.

Fill the disk with 4096 zeros

D.

Copy files from the master disk to the slave disk on the secondary IDE controller
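What the command above does, and the check that belongs right after it, as an added shell example that is not part of the exam page: zero-fill a target the way dcfldd if=/dev/zero ... conv=noerror,sync does, then prove every byte is 0x00 before evidence is copied onto it. The target here is a scratch file rather than a disk, so the count= bound, the temporary path and the function names are the example's own assumptions; dcfldd is used when installed and plain dd otherwise, since both accept the same option syntax.

```shell
#!/bin/sh
# Added example, not from the exam page: zero-fill a target the way
#   dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror,sync
# does, then verify that every byte really is 0x00 before evidence is
# copied onto it. The target is a scratch file (assumption), so count=
# bounds the write; on a real block device dd stops at end of device.
set -eu

# dcfldd is a dd fork with the same option syntax; fall back to dd.
if command -v dcfldd >/dev/null 2>&1; then DD=dcfldd; else DD=dd; fi

# zero_fill TARGET BLOCKS [BS]: overwrite TARGET with BLOCKS zero blocks.
# conv=noerror,sync = keep going on read errors and pad short blocks;
# note there is no space after the comma, or dd rejects "sync".
zero_fill() {
    "$DD" if=/dev/zero of="$1" bs="${3:-4096}" count="$2" conv=noerror,sync 2>/dev/null
    sync
}

# nonzero_bytes TARGET: number of bytes that are not 0x00 (0 = sterile).
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# verify_sterile TARGET: prints "sterile" or "contaminated".
verify_sterile() {
    if [ "$(nonzero_bytes "$1")" -eq 0 ]; then echo sterile; else echo contaminated; fi
}

# demo: 1 MiB scratch file seeded with random bytes (constructed input),
# wiped with the exam command's flags, then checked before and after.
demo() {
    img=$(mktemp)
    dd if=/dev/urandom of="$img" bs=4096 count=256 2>/dev/null
    before=$(verify_sterile "$img")
    zero_fill "$img" 256
    after=$(verify_sterile "$img")
    rm -f "$img"
    echo "before=$before after=$after"
}

demo
```

On a real device omit count= and let the tool run to the end of the medium, then record a hash of the sterile device in the case notes (dcfldd's hash= option, or sha256sum over the device) so the later image can be shown to have landed on clean media.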

Questions 107

Which of the following techniques can be used to beat steganography?

Options:
A.

Encryption

B.

Steganalysis

C.

Decryption

D.

Cryptanalysis

Questions 108

If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?

Options:
A.

Lossful compression

B.

Lossy compression

C.

Lossless compression

D.

Time-loss compression

Questions 109

Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, their state, and network traffic statistics. Which of the following commands shows you the TCP and UDP network connections, listening ports, and the process identifiers (PIDs) that own them?

Options:
A.

netstat -r

B.

netstat -ano

C.

netstat -b

D.

netstat -s

Questions 110

Which of the following tools will help the investigator to analyze web server logs?

Options:
A.

XRY LOGICAL

B.

LanWhois

C.

Deep Log Monitor

D.

Deep Log Analyzer

Questions 111

Which MySQL log file contains information on server start and stop?

Options:
A.

Slow query log file

B.

General query log file

C.

Binary log

D.

Error log file

Questions 112

What stage of the incident handling process involves reporting events?

Options:
A.

Containment

B.

Follow-up

C.

Identification

D.

Recovery

Questions 113

Given the drive dimensions as follows and assuming a sector has 512 bytes, what is the capacity of the described hard drive?

22,164 cylinders/disk

80 heads/cylinder

63 sectors/track

Options:
A.

53.26 GB

B.

57.19 GB

C.

11.17 GB

D.

10 GB
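The arithmetic behind this question, as an added shell example that is not from the exam page: capacity is cylinders x heads x sectors per track x bytes per sector, here 22,164 x 80 x 63 x 512 = 57,193,758,720 bytes, which is 57.19 GB in decimal units and about 53.27 GiB in binary units (the 53.26 GB option is that binary figure, truncated). The functions generalise to any geometry and sector size and add the LBA/CHS conversions an investigator needs when a partition table gives addresses in one form and a tool wants the other; the function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the exam page: CHS geometry arithmetic.
# capacity = cylinders * heads * sectors/track * bytes/sector
set -eu

# chs_sectors CYL HEADS SPT: total addressable sectors.
chs_sectors() { echo $(( $1 * $2 * $3 )); }

# chs_bytes CYL HEADS SPT [BYTES_PER_SECTOR]: capacity in bytes (512 default).
chs_bytes() { echo $(( $(chs_sectors "$1" "$2" "$3") * ${4:-512} )); }

# bytes_to_gb BYTES: decimal GB (10^9), the figure vendors and this exam use.
bytes_to_gb()  { LC_ALL=C awk -v b="$1" 'BEGIN { printf "%.2f", b / 1000000000 }'; }

# bytes_to_gib BYTES: binary GiB (2^30), the figure an OS usually shows.
bytes_to_gib() { LC_ALL=C awk -v b="$1" 'BEGIN { printf "%.2f", b / 1073741824 }'; }

# lba_to_chs LBA HEADS SPT: logical block address -> "cyl head sector".
# Cylinders and heads are 0-based, sectors are 1-based in CHS.
lba_to_chs() {
    lba=$1; heads=$2; spt=$3
    echo "$(( lba / (heads * spt) )) $(( (lba / spt) % heads )) $(( lba % spt + 1 ))"
}

# chs_to_lba CYL HEAD SECTOR HEADS SPT: inverse of lba_to_chs.
chs_to_lba() { echo $(( ($1 * $4 + $2) * $5 + $3 - 1 )); }

# describe_drive CYL HEADS SPT: one-line summary of a geometry.
describe_drive() {
    bytes=$(chs_bytes "$1" "$2" "$3")
    echo "$1x$2x$3 @512 B: $(chs_sectors "$1" "$2" "$3") sectors, $bytes bytes," \
         "$(bytes_to_gb "$bytes") GB, $(bytes_to_gib "$bytes") GiB"
}

# The exam's drive: 22,164 cylinders, 80 heads, 63 sectors/track.
describe_drive 22164 80 63
# Last addressable sector, round-tripped through both conversions.
last=$(( $(chs_sectors 22164 80 63) - 1 ))
echo "LBA $last = CHS $(lba_to_chs "$last" 80 63)"
```

Which unit a figure is in matters in a report: a vendor label, a partition table and an OS "properties" dialog can all describe the same disk with different numbers, and the conversion above is how to show they agree.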

Questions 114

When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz format, what does the nnnn denote?

Options:
A.

The year the evidence was taken

B.

The sequence number for the parts of the same exhibit

C.

The initials of the forensics analyst

D.

The sequential number of the exhibits seized

Questions 115

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

Options:
A.

NTOSKRNL.EXE

B.

NTLDR

C.

LSASS.EXE

D.

NTDETECT.COM

Questions 116

Which tool does the investigator use to extract artifacts left by Google Drive on the system?

Options:
A.

PEBrowse Professional

B.

RegScanner

C.

RAM Capturer

D.

Dependency Walker

Questions 117

Smith, as part of his forensic investigation assignment, seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data in the mobile device. Smith found that the SIM was protected by a Personal Identification Number (PIN) code, but he was also aware that people generally leave the PIN at the default or use easily guessable numbers such as 1234. He made three unsuccessful attempts, which blocked the SIM card. What can Smith do in this scenario to reset the PIN and access the SIM data?

Options:
A.

He should contact the network operator for a Temporary Unlock Code (TUK)

B.

Use system and hardware tools to gain access

C.

He can attempt PIN guesses after 24 hours

D.

He should contact the network operator for Personal Unlock Number (PUK)

Questions 118

Shane has started the static analysis of a malware sample and is using the tool ResourcesExtract to find more details of the malicious program. What part of the analysis is he performing?

Options:
A.

Identifying File Dependencies

B.

Strings search

C.

Dynamic analysis

D.

File obfuscation

Questions 119

Chong-lee, a forensics executive, suspects that malware is continuously making copies of files and folders on a victim system to consume the available disk space. What type of test would confirm his claim?

Options:
A.

File fingerprinting

B.

Identifying file obfuscation

C.

Static analysis

D.

Dynamic analysis

Questions 120

Which command can provide the investigators with details of all the loaded modules on a Linux-based system?

Options:
A.

list modules -a

B.

lsmod

C.

plist mod -a

D.

lsof -m
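lsmod is only a formatted view of /proc/modules, so an investigator can parse that file directly from a live system or a mounted image and cross-check it against /sys/module, as this added shell example (not from the exam page) does. The module names, sizes and the fake /sys/module tree it builds under a temporary directory are constructed sample data; the /proc/modules field layout, the per-module taint letters (O = out-of-tree, E = unsigned) and the fact that only loaded modules, not built-ins, have a /sys/module/<name>/initstate file are the kernel's own conventions.

```shell
#!/bin/sh
# Added example, not from the exam page. lsmod only reformats /proc/modules
# (name, size, refcount, users, state, address, optional taint flags), so the
# same data can be parsed directly and cross-checked against /sys/module.
# Paths default to the live system but are parameters so the functions also
# run on constructed data.
set -eu

# list_modules [MODULES_FILE]: name, size and use count, like lsmod.
list_modules() {
    awk '{ printf "%-20s %8s %s\n", $1, $2, $3 }' "${1:-/proc/modules}"
}

# tainted_modules [MODULES_FILE]: modules carrying taint flags, e.g. (OE)
# = out-of-tree and unsigned, which is where forensic attention goes first.
tainted_modules() {
    awk '$NF ~ /^\(.*\)$/ { print $1, $NF }' "${1:-/proc/modules}"
}

# used_by MODULE [MODULES_FILE]: modules that depend on MODULE ("-" if none).
used_by() {
    awk -v m="$1" '$1 == m { print $4 }' "${2:-/proc/modules}"
}

# hidden_modules [MODULES_FILE] [SYSFS_DIR]: names present in sysfs with an
# initstate file (i.e. loaded, not built-in) but absent from the module list.
# A module that unlinks itself from the kernel's module list vanishes from
# lsmod and /proc/modules yet commonly leaves its /sys/module entry behind.
hidden_modules() {
    mods=${1:-/proc/modules}; sysdir=${2:-/sys/module}
    for d in "$sysdir"/*/; do
        [ -f "$d/initstate" ] || continue
        name=$(basename "$d")
        awk -v m="$name" '$1 == m { found = 1 } END { exit found ? 0 : 1 }' "$mods" \
            || echo "$name"
    done
}

# Constructed sample: a /proc/modules snapshot and a matching fake sysfs tree
# in which one loaded module ("ghost") is missing from the module list.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/modules" <<'EOF'
nf_conntrack 172032 2 nf_nat,xt_conntrack, Live 0xffffffffc0a00000
nf_nat 49152 0 - Live 0xffffffffc0980000
xt_conntrack 16384 1 - Live 0xffffffffc0900000
evilmod 16384 0 - Live 0xffffffffc0b00000 (OE)
EOF
    mkdir -p "$dir/sys"
    for m in nf_conntrack nf_nat xt_conntrack evilmod ghost; do
        mkdir -p "$dir/sys/$m"; echo live > "$dir/sys/$m/initstate"
    done
    mkdir -p "$dir/sys/printk"      # built-in: has parameters, no initstate
    echo "$dir"
}

sample=$(make_sample)
echo "== modules =="; list_modules "$sample/modules"
echo "== tainted =="; tainted_modules "$sample/modules"
echo "== hidden ==";  hidden_modules "$sample/modules" "$sample/sys"
rm -rf "$sample"
```

On a live system call the functions with no arguments; on an image, point MODULES_FILE at a saved copy of /proc/modules from the collection and SYSFS_DIR at a copy of /sys/module if one was taken, since neither file exists on disk after shutdown.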