GCFA Question #154: Real Exam Question with Answer & Explanation
The correct answer is:
- A. When the user runs the infected file in the disk, it loads virus into the RAM.
- B. The mutation engine of polymorphic virus generates a new encrypted code, this changes the signature
- C. It has the ability to mutate and can change its known viral signature and hide from signature-based

Polymorphic viruses use a mutation engine to continuously alter their code and signature, evading signature-based detection while still exhibiting standard viral behaviors like loading into RAM on execution.
Question
Options
- A. When the user runs the infected file in the disk, it loads virus into the RAM.
- B. The mutation engine of polymorphic virus generates a new encrypted code, this changes the signature
- C. It has the ability to mutate and can change its known viral signature and hide from signature-based
- D. The new virus resides in the main memory of the computer and does not infect other files of the operating
Explanation
Polymorphic viruses use a mutation engine to continuously alter their code and signature, evading signature-based detection while still exhibiting standard viral behaviors like loading into RAM on execution.
Common mistakes.
- D. This statement is false: polymorphic viruses do infect other files as they replicate; a virus that only resides in memory without spreading to other files would be a different category of malware.
Concept tested. Polymorphic virus mutation engine and signature evasion
Reference. https://csrc.nist.gov/glossary/term/polymorphic_virus