nerdexam
GIAC

GCFA · Question #309

GCFA Question #309: Real Exam Question with Answer & Explanation

The correct answer is C. Cluster virus. A cluster virus modifies the file system's directory entries or file allocation table to redirect program execution to the virus code, leaving actual files untouched.

Question

Which of the following types of virus makes changes to a file system of a disk?

Options

  • AMaster boot record virus
  • BStealth virus
  • CCluster virus
  • DMacro virus

Explanation

A cluster virus modifies the file system's directory entries or file allocation table to redirect program execution to the virus code, leaving actual files untouched.

Common mistakes.

  • A. A master boot record virus infects the MBR sector to gain control at boot time, not the file system's directory or allocation table structures.
  • B. A stealth virus intercepts operating system calls to conceal its presence from scanners, and is defined by its evasion behavior rather than file system modification.
  • D. A macro virus embeds malicious code within document macros in files like Word or Excel documents, not within the disk's file system structure.

Concept tested. Cluster virus file system directory modification mechanism

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCFA Practice