Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 312-49

EC-Council 312-49 Exam
Computer Hacking Forensic Investigator (Page 10 )

Updated On: 9-Feb-2026
Page 10 of 108
PDF with 704 Questions

What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?

  1. rootkit
  2. key escrow
  3. steganography
  4. Offset

Answer(s): C



During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence. This type of evidence is known as:

  1. Inculpatory evidence
  2. Mandatory evidence
  3. Exculpatory evidence
  4. Terrible evidence

Answer(s): C



If you discover a criminal act while investigating a corporate policy abuse, it becomes a publicsector investigation and should be referred to law enforcement?

  1. true
  2. false

Answer(s): A



What binary coding is used most often for e-mail purposes?

  1. MIME
  2. Uuencode
  3. IMAP
  4. SMTP

Answer(s): A



If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

  1. The system files have been copied by a remote attacker
  2. The system administrator has created an incremental backup
  3. The system has been compromised using a t0rnrootkit
  4. Nothing in particular as these can be operational files

Answer(s): D






Post your Comments and Discuss EC-Council 312-49 exam prep with other Community members:

Join the 312-49 Discussion