1. Home
  2. EC-COUNCIL Certification
  3. 312-49v10 Exam
  4. EC-COUNCIL.312-49v10.v2022-07-01.q207 Practice Test

Question 26

A Linux system is undergoing investigation. In which directory should the investigators look for its current state data if the system is in powered on state?

    • Question 27

    Bob has encountered a system crash and has lost vital data stored on the hard drive of his Windows computer. He has no cloud storage or backup hard drives. He wants to recover all the data, which includes his personal photos, music, documents, videos, official emails, etc. Which of the following tools shall resolve Bob's purpose?

    • Question 28

    When examining a hard disk without a write-blocker, you should not start windows because Windows will write data to the:

    • Question 29

    Sheila is a forensics trainee and is searching for hidden image files on a hard disk. She used a forensic investigation tool to view the media in hexadecimal code for simplifying the search process. Which of the following hex codes should she look for to identify image files?

    • Question 30

    What is kept in the following directory? HKLM\SECURITY\Policy\Secrets
    • Other Version
    1146EC-COUNCIL.312-49v10.v2024-08-14.q223
    1394EC-COUNCIL.312-49v10.v2023-09-12.q135
    2414EC-COUNCIL.312-49v10.v2023-08-29.q273
    4990EC-COUNCIL.312-49v10.v2022-01-20.q202
    Latest Upload
    107EMC.D-VXR-DS-00.v2025-12-24.q43
    110Splunk.SPLK-5001.v2025-12-24.q37
    121Huawei.H19-308-ENU.v2025-12-24.q74
    106APMG-International.AgilePM-Foundation.v2025-12-24.q74
    134SAP.C-C4H62-2408.v2025-12-24.q81
    108ASHRAE.HFDP.v2025-12-24.q39
    113ISQI.CTFL-UT.v2025-12-23.q13
    123ARDMS.SPI.v2025-12-23.q102
    119Microsoft.SC-300.v2025-12-23.q333
    120PaloAltoNetworks.PSE-Prisma-Pro-24.v2025-12-23.q39