SSCP Question #1148: Real Exam Question with Answer & Explanation

The correct answer is A: Stealth viruses supply AV engines with false information to avoid detection. Stealth viruses actively evade detection by antivirus software and often reside in memory, whereas logic bombs are dormant code triggered by specific conditions and are typically stored on disk.

Submitted by andreas_gr· Apr 18, 2026Security Concepts and Practices

Question

What is the main difference between a logic bomb and a stealth virus? (Choose all that apply)

Options

AStealth viruses supply AV engines with false information to avoid detection
BStealth viruses live in memory while logic bombs are written to disk
CStealth viruses "wake up" at a pre-specified time in the code, then execute payload
DLogic Bombs supply AV engines with false information to avoid detection

Explanation

Stealth viruses actively evade detection by antivirus software and often reside in memory, whereas logic bombs are dormant code triggered by specific conditions and are typically stored on disk.

Common mistakes.

C. This describes the behavior of a logic bomb, which executes its payload when a specific condition (like a date, time, or event) is met, not a stealth virus.
D. Logic bombs are defined by their triggered execution, not by active evasion techniques against antivirus software by supplying false information.

Concept tested. Malware types and evasion techniques

Reference. https://learn.microsoft.com/en-us/windows/security/threat-protection/intelligence/malware-categories

Topics

#Malware#Viruses#Logic Bombs#Evasion Techniques

Community Discussion

No community discussion yet for this question.

Full SSCP Practice Browse All SSCP Questions