GSLC Question #547: Real Exam Question with Answer & Explanation

The correct answer is A. Polymorphic virus.

Question

Which of the following types of virus is capable of changing its signature to avoid detection?

Options

  • A. Polymorphic virus
  • B. Boot sector virus
  • C. Macro virus
  • D. Stealth virus

Explanation

This question tests recognition of the specific malware category that mutates its own code or encryption key with each replication to defeat signature-based antivirus detection.

Common mistakes.

  • B. A boot sector virus infects the master boot record or volume boot record to persist across reboots and execute before the OS loads, but it does not mutate its own signature to evade detection.
  • C. A macro virus embeds malicious code within document macros (such as in Microsoft Office files) and spreads through document sharing, but it does not change its own code or signature.
  • D. A stealth virus hides its presence by intercepting operating system calls and returning falsified data to security tools, but unlike a polymorphic virus, it does not alter its own binary signature.

Concept tested. Polymorphic virus signature mutation for detection evasion

Reference. https://csrc.nist.gov/glossary/term/polymorphic_malware
