Certified Ethical Hacker (CEH v12) — Question 216
An IT security team is conducting an internal review of security protocols in their organization to identify potential vulnerabilities. During their investigation, they encounter a suspicious program running on several computers. Further examination reveals that the program has been logging all user keystrokes. How can the security team confirm the type of program and what countermeasures should be taken to ensure the same attack does not occur in the future?
Answer options
- A. The program is spyware; the team should use password managers and encrypt sensitive data.
- B. The program is a keylogger; the team should employ intrusion detection systems and regularly update the system software.
- C. The program is a keylogger; the team should educate employees about phishing attacks and maintain regular backups.
- D. The program is a Trojan; the team should regularly update antivirus software and install a reliable firewall.
Correct answer: B
Explanation
The correct answer is B: a program that logs all user keystrokes is a keylogger, and intrusion detection systems together with regular system software updates are the countermeasures that mitigate the threat. Options A and C either misidentify the program type or suggest less relevant countermeasures, while option D misclassifies the program as a Trojan and does not address the specific risks posed by keyloggers.