nerdexam
EC-Council

312-50V13 · Question #529

An IT security team is conducting an internal review of security protocols in their organization to identify potential vulnerabilities. During their investigation, they encounter a suspicious program

The correct answer is C. The program is a keylogger; the team should employ intrusion detection systems and regularly. Explanation Option C is correct because a program specifically designed to log keystrokes is, by definition, a keylogger, and the most appropriate technical countermeasures are Intrusion Detection Systems (IDS), which can monitor network traffic and system behavior to detect and

Submitted by haruto_sh· Mar 6, 2026Malware Threats

Question

An IT security team is conducting an internal review of security protocols in their organization to identify potential vulnerabilities. During their investigation, they encounter a suspicious program running on several computers. Further examination reveals that the program has been logging all user keystrokes. How can the security team confirm the type of program and what countermeasures should be taken to ensure the same attack does not occur in the future?

Options

  • AThe program is a Trojan; the tearm should regularly update antivirus software and install a
  • BThe program is spyware; the team should use password managers and encrypt sensitive data
  • CThe program is a keylogger; the team should employ intrusion detection systems and regularly
  • DThe program is a keylogger; the team should educate employees about phishing attacks and

How the community answered

(26 responses)
  • A
    4% (1)
  • C
    92% (24)
  • D
    4% (1)

Explanation

Explanation

Option C is correct because a program specifically designed to log keystrokes is, by definition, a keylogger, and the most appropriate technical countermeasures are Intrusion Detection Systems (IDS), which can monitor network traffic and system behavior to detect and alert on suspicious activity, combined with regular security audits to catch similar threats early.

Why the distractors are wrong:

  • Option A is incorrect because a Trojan disguises itself as legitimate software to perform malicious actions - it is a broader category and not specific to keystroke logging; also, antivirus alone is insufficient as a primary countermeasure.
  • Option B is incorrect because spyware broadly monitors user behavior (browsing, data collection), whereas keystroke logging is the defining characteristic of a keylogger specifically; password managers also don't prevent keyloggers from capturing input.
  • Option D is partially correct in identifying a keylogger but falls short because employee phishing education alone is not a sufficient technical countermeasure - IDS provides active, ongoing detection rather than passive awareness.

Memory Tip: Think "K for Keystrokes = Keylogger" - whenever a question mentions logging every key pressed, the answer is always keylogger, and pair it with IDS (the "watchdog" of the network) as the technical defense.

Topics

#Keylogger#Malware detection#Intrusion Detection System (IDS)#Security controls

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice