Palo Alto Networks

EC-Council 312-49 Exam
Computer Hacking Forensic Investigator (Page 5 )

Updated On: 12-Feb-2026

Viewing Page 5 of 108 pages.

Download PDF version with 704 Questions

QUESTION: 16

A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloaded. What can the investigator do to prove the violation?

Image the disk and try to recover deleted files
Seek the help of co-workers who are eye-witnesses
Check the Windows registry for connection data (you may or may not recover)
Approach the websites for evidence

Answer(s): A

Show Answer Next Question

QUESTION: 17

A(n)__________ is one that's performed by a computer program rather than the attacker manually performing the steps in the attack sequence.

blackout attack
automated attack
distributed attack
central processing attack

Answer(s): B

Show Answer Next Question

QUESTION: 18

The offset in a hexadecimal code is:

The last byte after the colon
The 0x at the beginning of the code
The 0x at the end of the code
The first byte after the colon

Answer(s): B

Show Answer Next Question

QUESTION: 19

It takes _________ mismanaged case/s to ruin your professional reputation as a computer forensics examiner?

by law, three
quite a few
only one
at least two

Answer(s): C

Show Answer Next Question

QUESTION: 20

With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ________.

0
10
100
1

Answer(s): A

Show Answer Next Question

Viewing page 5 of 108
Viewing questions 21 - 25 out of 704 questions

Post your Comments and Discuss EC-Council 312-49 exam prep with other Community members:

Comments:

Name:

Join the 312-49 Discussion

nobody Commented on June 18, 2025
The answer for Question 266 should be Complete Event Analysis
HONG KONG

Valery Commented on March 01, 2025
What version of exam have this practice questions?
KAZAKHSTAN

Moorthy Commented on December 18, 2024
This is the best place to pratice C_CPI_15 exam.
Anonymous

Carlos Commented on February 29, 2024
@AKM, I took this exam about 2 weeks ago. The questions in this practice questions are very similar to the exam. However some answers were not that accurate. I got the full PDF version with the testing software called Xengien app. It did help me pass my exam. So yes, it is worth it.
UNITED STATES

AKM Commented on February 29, 2024
Have anyone took the test after practicing here? What is accuracy of this question compared to actual test
INDIA

SA Commented on February 07, 2024
Great place to test your preparation.
INDIA

Balu Commented on November 03, 2014
Thank you so much for helping me on this. Let me have a look on this and will provide further update as soon as possible.
UNITED STATES