CompTIA Security+ Question of the Day: Which Malware Disguises Itself as Legitimate Software?
Every day we send a new practice question to our email list. Here's today's, along with the full explanation so you understand not just the right answer, but why the other options are wrong.
CompTIA Security+ Question of the Day
You discover that an employee downloaded what appeared to be a free accounting tool from a third-party website. After installation, the software silently created a backdoor that gave an attacker remote access to the system. Which type of malware does this describe?
- A. Worm
- B. Trojan horse
- C. Rootkit
- D. Ransomware
✅ Correct Answer: B. Trojan horse
A Trojan horse is malware disguised as legitimate, useful software to trick a user into installing it voluntarily. Unlike a worm, it does not self-replicate across a network — it relies on social engineering to get the user to run it. Once executed, it can open backdoors, exfiltrate data, or download additional payloads, exactly as described in the scenario above. Trojans are a heavily tested topic on the Security+ SY0-701 exam, especially in questions that describe a delivery method rather than naming the malware directly.
Why The Other Options Are Incorrect
- A. Worm: Worms self-propagate across a network without needing a user to execute them. They don't rely on disguising themselves as a desirable application to get installed.
- C. Rootkit: A rootkit is built to hide the presence of malware or an attacker's access on a system after the fact. It's a concealment tool, not the thing that tricks a user into installing it in the first place.
- D. Ransomware: Ransomware encrypts files and demands payment. Nothing in the scenario describes encryption or a ransom demand, so this doesn't fit.
Want More Practice Like This?
This is exactly the kind of scenario-based question you'll see on the real exam. Get the full set of CompTIA Security+ SY0-701 Real Exam Questions for more practice like this, with full explanations for every question.