Certified Ethical Hacker (CEH v13) — Question 202
An IT security team is conducting an internal review of security protocols in their organization to identify potential vulnerabilities. During their investigation, they encounter a suspicious program running on several computers. Further examination reveals that the program has been logging all user keystrokes. How can the security team confirm the type of program and what countermeasures should be taken to ensure the same attack does not occur in the future?
Answer options
- A. The program is spyware; the team should use password managers and encrypt sensitive data.
- B. The program is a keylogger; the team should employ intrusion detection systems and regularly update the system software.
- C. The program is a keylogger; the team should educate employees about phishing attacks and maintain regular backups.
- D. The program is a Trojan; the team should regularly update antivirus software and install a reliable firewall.
Correct answer: B
Explanation
The correct answer is B: a program that logs all user keystrokes is a keylogger, and intrusion detection systems together with regular software updates help detect and prevent future keylogging attacks. Options A and C propose measures that do not directly address the threat posed by keyloggers, while option D misidentifies the program as a Trojan and suggests unrelated countermeasures.