EC-COUNCIL Computer Hacking Forensic Investigator (312-49) Free Practice Test

Question 1
How often must a company keep log files for them to be admissible in a court of law?

Correct Answer: D

Question 2
When should an MD5 hash check be performed when processing evidence?

Correct Answer: C

Question 3
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as other members of your team collect it. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?

Correct Answer: C

Question 4
You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company's IT department, you search through the server log files to find any trace of the intrusion. After that you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an Ethereal session to begin capturing traffic on the router that could be used in the investigation. At what layer of the OSI model are you monitoring while watching traffic to and from the router?

Correct Answer: C

Question 5
Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish? dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror,sync

Correct Answer: B

Question 6
Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?

Correct Answer: D

Question 7
What binary coding is used most often for e-mail purposes?

Correct Answer: B

Question 8
What type of attack sends SYN requests to a target system with spoofed IP addresses?

Correct Answer: A

Question 9
You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data. What method would be most efficient for you to acquire digital evidence from this network?

Correct Answer: C

Question 10
In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?

Correct Answer: A