EC-Council 312-49v10 Computer Hacking Forensic Investigator (CHFI-v10) Online Training
EC-Council 312-49v10 Online Training
The questions for 312-49v10 were last updated at Jul 11,2025.
- Exam Code: 312-49v10
- Exam Name: Computer Hacking Forensic Investigator (CHFI-v10)
- Certification Provider: EC-Council
- Latest update: Jul 11,2025
How many sectors will a 125 KB file use in a FAT32 file system?
- A . 32
- B . 16
- C . 256
- D . 25
Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages.
What networking protocol language should she learn that routers utilize?
- A . ATM
- B . UDP
- C . BPG
- D . OSPF
You are working for a local police department that services a population of 1,000,000 people and you have been given the task of building a computer forensics lab.
How many law-enforcement computer investigators should you request to staff the lab?
- A . 8
- B . 1
- C . 4
- D . 2
A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloaded.
What can the investigator do to prove the violation?
- A . Image the disk and try to recover deleted files
- B . Seek the help of co-workers who are eye-witnesses
- C . Check the Windows registry for connection data (you may or may not recover)
- D . Approach the websites for evidence
Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activity.
After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?
- A . The manufacturer of the system compromised
- B . The logic, formatting and elegance of the code used in the attack
- C . The nature of the attack
- D . The vulnerability exploited in the incident
Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system.
What would be the primary reason for you to recommend a disk imaging tool?
- A . A disk imaging tool would check for CRC32s for internal self-checking and validation and have MD5 checksum
- B . Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file
- C . A simple DOS copy will not include deleted files, file slack and other information
- D . There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector
What does the acronym POST mean as it relates to a PC?
- A . Primary Operations Short Test
- B . PowerOn Self Test
- C . Pre Operational Situation Test
- D . Primary Operating System Test
In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?
- A . evidence must be handled in the same way regardless of the type of case
- B . evidence procedures are not important unless you work for a law enforcement agency
- C . evidence in a criminal case must be secured more tightly than in a civil case
- D . evidence in a civil case must be secured more tightly than in a criminal case
With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ________.
- A . 0
- B . 10
- C . 100
- D . 1
If a suspect computer is located in an area that may have toxic chemicals, you must:
- A . coordinate with the HAZMAT team
- B . determine a way to obtain the suspect computer
- C . assume the suspect machine is contaminated
- D . do not enter alone
Latest 312-49v10 Dumps Valid Version with 601 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
