1. What is the primary function of a keylogger?
A) Encrypt sensitive data
B) Capture keystrokes of a user
C) Detect and remove malware
D) Block unauthorized access
Answer: B) Capture keystrokes of a user
Explanation: Keyloggers are designed to record keystrokes, allowing attackers to capture sensitive information such as passwords, credit card numbers, and private messages.
2. Which type of keylogger does not require software installation?
A) Hardware keylogger
B) Rootkit keylogger
C) Remote keylogger
D) Kernel-based keylogger
Answer: A) Hardware keylogger
Explanation: Hardware keyloggers are physical devices attached to a keyboard or USB port to record keystrokes, requiring no software installation.
3. Spyware is mainly used for which of the following?
A) Enhancing system performance
B) Monitoring user activity without consent
C) Protecting a system from viruses
D) Speeding up internet browsing
Answer: B) Monitoring user activity without consent
Explanation: Spyware is malicious software that secretly collects user activity data and transmits it to third parties.
4. What is a common method used by attackers to distribute spyware?
A) Official software stores
B) Malicious email attachments and software bundles
C) Direct download from security websites
D) Encrypted network tunnels
Answer: B) Malicious email attachments and software bundles
Explanation: Spyware is often distributed via malicious email attachments, fake software updates, and bundled with free software downloads.
5. How does a kernel-based keylogger operate?
A) By modifying system kernel functions to capture keystrokes
B) By monitoring clipboard data
C) By injecting scripts into browsers
D) By replacing system drivers
Answer: A) By modifying system kernel functions to capture keystrokes
Explanation: Kernel-based keyloggers operate at the operating system level, making them harder to detect.
6. What is the primary risk of keyloggers?
A) Data corruption
B) Unauthorized system access and credential theft
C) Hardware failure
D) Internet speed reduction
Answer: B) Unauthorized system access and credential theft
Explanation: Keyloggers steal credentials and other sensitive data, which can lead to identity theft and financial fraud.
7. Which of the following is an effective way to prevent keyloggers?
A) Using a VPN
B) Regularly restarting your computer
C) Enabling two-factor authentication (2FA)
D) Using an on-screen keyboard or password manager
Answer: D) Using an on-screen keyboard or password manager
Explanation: On-screen keyboards and password managers reduce the risk of keylogging by preventing direct keystroke logging.
8. What is “Form Grabbing” in spyware?
A) A technique to steal credentials from saved passwords
B) A way to extract data from browser autofill forms
C) A method to intercept data before it is encrypted and sent
D) A process to remove malicious forms from websites
Answer: C) A method to intercept data before it is encrypted and sent
Explanation: Form grabbing allows spyware to capture input data before encryption, making it highly dangerous.
9. Which of the following is NOT a characteristic of spyware?
A) Running in the background unnoticed
B) Collecting user data without permission
C) Encrypting files for ransom
D) Sending collected data to a third party
Answer: C) Encrypting files for ransom
Explanation: Spyware focuses on data theft, whereas encrypting files for ransom is a characteristic of ransomware.
10. A trojan keylogger is typically installed via which method?
A) Social engineering and malicious downloads
B) Encrypted HTTPS connections
C) Secure email attachments
D) Firewall updates
Answer: A) Social engineering and malicious downloads
Explanation: Trojan keyloggers disguise themselves as legitimate software and trick users into installing them.
11. How can you detect a keylogger on your system?
A) Run a full antivirus scan
B) Check for unusual CPU usage
C) Monitor active processes in Task Manager
D) All of the above
Answer: D) All of the above
Explanation: Detecting keyloggers involves checking for unusual processes, high CPU usage, and scanning with antivirus software.
12. Which spyware technique involves hijacking the clipboard to steal sensitive data?
A) Clipboard logging
B) Form grabbing
C) DNS hijacking
D) Keystroke injection
Answer: A) Clipboard logging
Explanation: Clipboard logging captures copied data such as passwords, cryptocurrency addresses, and sensitive text.
13. Remote Access Trojans (RATs) often include which feature?
A) Keylogging
B) File theft
C) Webcam and microphone access
D) All of the above
Answer: D) All of the above
Explanation: RATs provide full remote control, including keylogging, data theft, and surveillance.
14. Why is spyware considered a serious threat in corporate environments?
A) It slows down computers
B) It can be used to steal trade secrets and sensitive business data
C) It increases internet bills
D) It only affects personal users
Answer: B) It can be used to steal trade secrets and sensitive business data
Explanation: Spyware can be used for corporate espionage, stealing confidential information from businesses.
15. Which tool is commonly used to detect keyloggers?
A) Windows Task Scheduler
B) Anti-malware software
C) Disk Defragmenter
D) Web browser extensions
Answer: B) Anti-malware software
Explanation: Anti-malware programs are designed to detect and remove keyloggers.
16. Which operating system feature can help mitigate keyloggers?
A) Disabling USB ports
B) Sandboxing applications
C) Reducing screen brightness
D) Increasing RAM capacity
Answer: B) Sandboxing applications
Explanation: Sandboxing isolates applications, preventing malware like keyloggers from accessing keystrokes.
17. What does anti-keylogging software do?
A) Blocks unauthorized keylogging activity
B) Encrypts files for better security
C) Deletes keyloggers automatically
D) Prevents software installation
Answer: A) Blocks unauthorized keylogging activity
Explanation: Anti-keylogging software prevents keyloggers from recording keystrokes.
18. What is one of the earliest signs of spyware infection?
A) System crashes
B) Sluggish system performance and unusual pop-ups
C) Inability to connect to Wi-Fi
D) Increased internet speed
Answer: B) Sluggish system performance and unusual pop-ups
Explanation: Spyware often slows down the system and generates intrusive pop-ups.
19. What is an advanced way to protect against spyware?
A) Using a strong firewall and behavioral monitoring tools
B) Restarting the computer frequently
C) Using outdated antivirus software
D) Avoiding online banking
Answer: A) Using a strong firewall and behavioral monitoring tools
Explanation: Firewalls and behavior analysis tools help detect and block spyware before it causes damage.
20. Which spyware type captures screen activity instead of keystrokes?
A) Keylogger
B) Screen scraper
C) Adware
D) Trojan virus
Answer: B) Screen scraper
Explanation: Screen scrapers take screenshots or record screen activity to steal sensitive information.
21. How do attackers use keyloggers in phishing campaigns?
A) By embedding keyloggers in fake login pages
B) By sending fake invoices to victims
C) By offering discounts on legitimate software
D) By spreading misinformation
Answer: A) By embedding keyloggers in fake login pages
Explanation: Attackers use phishing emails with fake login pages containing keyloggers to capture user credentials.
22. Which type of spyware spreads through removable USB devices?
A) Network spyware
B) Trojan spyware
C) USB worm spyware
D) Rootkit spyware
Answer: C) USB worm spyware
Explanation: USB-based spyware infects systems when users plug in compromised removable devices.
23. What is the primary method of detecting hardware keyloggers?
A) Checking for unfamiliar devices connected to the computer
B) Running an antivirus scan
C) Formatting the hard drive
D) Disabling all USB ports
Answer: A) Checking for unfamiliar devices connected to the computer
Explanation: Hardware keyloggers are physical devices connected between the keyboard and computer, which can be visually inspected.
24. Which of the following is a well-known spyware example?
A) Stuxnet
B) Pegasus
C) WannaCry
D) Mirai
Answer: B) Pegasus
Explanation: Pegasus is a sophisticated spyware tool used for surveillance, capable of capturing keystrokes, camera feeds, and microphone recordings.
25. What is the main goal of spyware used in corporate espionage?
A) Slowing down employee computers
B) Stealing intellectual property and confidential business data
C) Sending spam emails
D) Reducing system storage
Answer: B) Stealing intellectual property and confidential business data
Explanation: Spyware in corporate espionage is used to steal trade secrets, financial records, and strategic plans.
26. Which of the following techniques is used by spyware to persist after a reboot?
A) Registering itself as a startup process
B) Disguising as a system update
C) Encrypting itself in system logs
D) Temporarily pausing operations
Answer: A) Registering itself as a startup process
Explanation: Many spyware programs modify system startup settings to ensure they remain active even after a system restart.
27. Keyloggers can be combined with which other malware for advanced attacks?
A) Ransomware
B) Adware
C) Trojan horses
D) All of the above
Answer: D) All of the above
Explanation: Attackers often bundle keyloggers with trojans, ransomware, and adware to increase their effectiveness.
28. What is a browser-based keylogger?
A) A keylogger embedded in a malicious web extension
B) A hardware device capturing browser activity
C) A type of phishing attack
D) A web-based antivirus
Answer: A) A keylogger embedded in a malicious web extension
Explanation: Browser-based keyloggers operate via malicious extensions or scripts that capture keystrokes entered in web forms.
29. What type of spyware monitors instant messaging and social media conversations?
A) Keyloggers
B) Network sniffers
C) Chat loggers
D) Form grabbers
Answer: C) Chat loggers
Explanation: Chat loggers are designed to capture instant messaging and social media conversations for espionage or blackmail.
30. How can attackers remotely control spyware-infected machines?
A) Using Remote Access Trojans (RATs)
B) Through email attachments
C) By scanning open ports
D) By modifying browser cookies
Answer: A) Using Remote Access Trojans (RATs)
Explanation: RATs enable attackers to control infected devices remotely, including logging keystrokes and accessing files.
31. What is a sign of a keylogger infection?
A) Unresponsive keyboard or lagging input
B) Faster internet speed
C) Unusually loud fan noise
D) Increased storage capacity
Answer: A) Unresponsive keyboard or lagging input
Explanation: Keyloggers often cause keyboard lag or unresponsiveness due to the interception of keystrokes.
32. How does “fileless” spyware operate?
A) By running entirely in memory without creating files
B) By modifying hardware components
C) By installing a visible software program
D) By requiring user interaction
Answer: A) By running entirely in memory without creating files
Explanation: Fileless spyware operates in RAM, making it difficult to detect using traditional antivirus scans.
33. Which Windows feature can be exploited by keyloggers?
A) Windows Registry
B) Task Manager
C) User Account Control (UAC)
D) File Explorer
Answer: A) Windows Registry
Explanation: Some keyloggers store themselves in the Windows Registry to ensure persistence.
34. How does DNS hijacking help spyware?
A) Redirects users to malicious phishing sites
B) Increases download speed
C) Prevents malware execution
D) Encrypts internet traffic
Answer: A) Redirects users to malicious phishing sites
Explanation: DNS hijacking alters DNS settings to redirect users to attacker-controlled websites.
35. How do mobile keyloggers differ from desktop keyloggers?
A) They can log touchscreen taps instead of physical keystrokes
B) They do not require installation
C) They work only on Wi-Fi networks
D) They are easily detectable
Answer: A) They can log touchscreen taps instead of physical keystrokes
Explanation: Mobile keyloggers capture touchscreen inputs, often by recording screen activity.
36. What is a keylogging attack that requires no software?
A) Acoustic keylogging
B) Browser injection
C) Cross-site scripting (XSS)
D) SQL injection
Answer: A) Acoustic keylogging
Explanation: Acoustic keylogging analyzes the sound of keystrokes to determine what a user is typing.
37. Which of the following can help prevent spyware infections?
A) Regular software updates
B) Avoiding public Wi-Fi
C) Disabling unnecessary browser extensions
D) All of the above
Answer: D) All of the above
Explanation: Software updates patch vulnerabilities, avoiding public Wi-Fi reduces risks, and disabling unneeded extensions prevents malicious injections.
38. How does spyware evade detection?
A) By encrypting itself
B) By using rootkit techniques
C) By disguising as legitimate software
D) All of the above
Answer: D) All of the above
Explanation: Spyware employs multiple techniques to evade detection, including encryption, rootkits, and disguising itself as a legitimate app.
39. What is one of the most effective defenses against keyloggers?
A) Multi-factor authentication (MFA)
B) Increasing RAM size
C) Using incognito mode in browsers
D) Keeping the computer unplugged
Answer: A) Multi-factor authentication (MFA)
Explanation: MFA protects accounts even if a keylogger steals the password, requiring additional authentication steps.
40. Which modern security tool provides real-time protection against spyware?
A) Endpoint Detection and Response (EDR)
B) Disk Cleanup
C) Task Manager
D) Notepad
Answer: A) Endpoint Detection and Response (EDR)
Explanation: EDR solutions continuously monitor systems for malicious activity, including spyware.
41. What type of keylogger is embedded within an image file to evade detection?
A) Image-based keylogger
B) Steganographic keylogger
C) Screenshot logger
D) DNS keylogger
Answer: B) Steganographic keylogger
Explanation: Steganographic keyloggers hide malicious code inside image files to avoid detection by security software.
42. How can spyware steal banking credentials without logging keystrokes?
A) By intercepting screen captures
B) By modifying the Windows Firewall
C) By injecting malicious cookies
D) By overclocking the processor
Answer: A) By intercepting screen captures
Explanation: Some spyware captures screenshots when users enter sensitive information like banking details.
43. Which spyware technique captures encrypted data before it is sent over the network?
A) Form grabbing
B) Packet sniffing
C) Browser hijacking
D) Keystroke injection
Answer: A) Form grabbing
Explanation: Form grabbers capture data directly from input fields before encryption, making them highly dangerous.
44. What is a common technique used by spyware to remain undetected on a system?
A) Operating in kernel mode
B) Creating fake error messages
C) Displaying warning pop-ups
D) Replacing the operating system
Answer: A) Operating in kernel mode
Explanation: Kernel-mode spyware runs at a low level within the OS, making it harder to detect and remove.
45. What type of keylogger can be embedded in a fake keyboard app on mobile devices?
A) Virtual keylogger
B) Software keylogger
C) Keyboard malware
D) Trojan keylogger
Answer: B) Software keylogger
Explanation: Malicious keyboard apps can capture every input and send it to attackers.
46. How do attackers distribute spyware using drive-by downloads?
A) By embedding spyware in website scripts
B) By requiring users to install software manually
C) By sending software updates through official stores
D) By encrypting spyware before sending
Answer: A) By embedding spyware in website scripts
Explanation: Drive-by downloads install spyware when a user visits an infected webpage, often without any user action.
47. Which programming languages are commonly used to create keyloggers?
A) Python, C, C++
B) JavaScript and HTML
C) Ruby and PHP
D) SQL and Perl
Answer: A) Python, C, C++
Explanation: Keyloggers are often written in Python, C, and C++ because of their ability to interact with low-level system processes.
48. Which type of spyware manipulates online ads to generate revenue for attackers?
A) Adware
B) Rootkit spyware
C) Trojan spyware
D) Worm spyware
Answer: A) Adware
Explanation: Adware injects unwanted ads, redirects users, and tracks browsing activity to generate revenue for attackers.
49. What is a “polymorphic keylogger”?
A) A keylogger that changes its code to evade detection
B) A keylogger that only works in incognito mode
C) A keylogger that infects only mobile devices
D) A keylogger embedded in an encrypted PDF
Answer: A) A keylogger that changes its code to evade detection
Explanation: Polymorphic keyloggers modify their own code dynamically to bypass signature-based antivirus detection.
50. What is the primary purpose of spyware in Advanced Persistent Threats (APTs)?
A) Collecting intelligence over a long period
B) Disrupting internet services
C) Encrypting user files for ransom
D) Crashing the operating system
Answer: A) Collecting intelligence over a long period
Explanation: Spyware in APTs is used for long-term espionage, gathering sensitive information over extended periods.
51. Which mobile spyware feature allows an attacker to listen to live phone calls?
A) Silent call monitoring
B) VOIP hijacking
C) Microphone hijacking
D) Bluetooth keylogging
Answer: A) Silent call monitoring
Explanation: Silent call monitoring spyware can secretly record or stream live phone calls to an attacker.
52. What does a “man-in-the-browser” (MitB) attack typically use?
A) Trojan spyware
B) Rootkit spyware
C) Network worm
D) Ransomware
Answer: A) Trojan spyware
Explanation: MitB attacks involve trojan spyware modifying web browser processes to steal sensitive data.
53. What is the main goal of spyware used by governments for surveillance?
A) Gathering intelligence on targets
B) Slowing down internet speeds
C) Displaying advertisements
D) Encrypting files
Answer: A) Gathering intelligence on targets
Explanation: Governments and intelligence agencies use spyware for surveillance and intelligence-gathering.
54. What is an “inline keylogger”?
A) A hardware device inserted between a keyboard and a computer
B) A keylogger that operates within email services
C) A software-based keylogger that modifies system DLLs
D) A browser keylogger embedded in online forms
Answer: A) A hardware device inserted between a keyboard and a computer
Explanation: Inline keyloggers are small hardware devices placed between a keyboard and a computer to capture keystrokes.
55. Which browser feature can help protect against spyware?
A) Enabling “Do Not Track”
B) Clearing browser cache
C) Disabling third-party cookies
D) All of the above
Answer: D) All of the above
Explanation: These settings help reduce spyware tracking and data collection.
56. What is a “hooking keylogger”?
A) A keylogger that intercepts API functions to capture keystrokes
B) A keylogger embedded in phishing emails
C) A keylogger used for ethical hacking
D) A keylogger that targets touchscreen inputs
Answer: A) A keylogger that intercepts API functions to capture keystrokes
Explanation: Hooking keyloggers use Windows API hooks to log keystrokes from all applications.
57. What is the best way to remove rootkit-based spyware?
A) Using specialized anti-rootkit tools
B) Restarting the computer
C) Running disk cleanup
D) Closing background applications
Answer: A) Using specialized anti-rootkit tools
Explanation: Rootkit spyware hides within system files, requiring dedicated anti-rootkit software for removal.
58. How does spyware monetize stolen data?
A) Selling credentials on the dark web
B) Running cryptocurrency miners
C) Launching DDoS attacks
D) Spamming users with emails
Answer: A) Selling credentials on the dark web
Explanation: Stolen data, such as banking details and credentials, is often sold on underground forums.
59. What is a common indicator of spyware infection on a smartphone?
A) Unusual battery drain
B) Sudden app crashes
C) High data usage
D) All of the above
Answer: D) All of the above
Explanation: Spyware on smartphones often causes increased battery usage, app crashes, and high data consumption.
60. How can behavioral analysis tools help detect spyware?
A) By monitoring unusual system activity
B) By running antivirus scans
C) By encrypting hard drives
D) By blocking internet access
Answer: A) By monitoring unusual system activity
Explanation: Behavioral analysis tools detect spyware by analyzing suspicious behavior rather than relying on static signatures.
61. Which of the following is a common target of keyloggers?
A) Social media credentials
B) Banking login details
C) Email passwords
D) All of the above
Answer: D) All of the above
Explanation: Keyloggers aim to steal various types of sensitive credentials, including social media, banking, and email passwords.
62. How do attackers use Remote Desktop Protocol (RDP) to install spyware?
A) By exploiting weak or default credentials
B) By installing spyware via USB devices
C) By sending phishing emails
D) By blocking internet access
Answer: A) By exploiting weak or default credentials
Explanation: Attackers gain unauthorized access to systems via RDP by using weak or default credentials, allowing them to install spyware remotely.
63. What is a primary difference between spyware and a virus?
A) Spyware steals data while a virus spreads and damages files
B) Spyware replicates like a virus
C) A virus cannot be removed, but spyware can
D) Spyware only affects smartphones
Answer: A) Spyware steals data while a virus spreads and damages files
Explanation: Spyware is designed to secretly collect information, while viruses focus on spreading and corrupting files.
64. Which component of an operating system can be compromised to install a kernel-mode keylogger?
A) Device drivers
B) Clipboard manager
C) Firewall settings
D) Internet browser cache
Answer: A) Device drivers
Explanation: Kernel-mode keyloggers operate by modifying device drivers to capture keystrokes at a system level.
65. Why are keyloggers often embedded in Remote Access Trojans (RATs)?
A) To allow remote attackers to capture user keystrokes
B) To disable antivirus software
C) To speed up system performance
D) To generate pop-up advertisements
Answer: A) To allow remote attackers to capture user keystrokes
Explanation: RATs provide remote attackers with control over an infected system, often including keylogging functionality.
66. What is the main function of spyware in corporate surveillance?
A) Gathering sensitive company information
B) Improving system performance
C) Blocking software installations
D) Creating fake system alerts
Answer: A) Gathering sensitive company information
Explanation: Spyware used for corporate surveillance is designed to steal intellectual property, financial records, and other confidential data.
67. Which of the following is an example of a hardware keylogger?
A) Malicious browser extension
B) USB dongle between the keyboard and computer
C) Trojan-infected file
D) Spyware embedded in a mobile app
Answer: B) USB dongle between the keyboard and computer
Explanation: Hardware keyloggers are physical devices placed between a keyboard and a computer to intercept keystrokes.
68. How can attackers use keyloggers to bypass two-factor authentication (2FA)?
A) By logging temporary one-time passwords (OTP)
B) By disabling security questions
C) By corrupting CAPTCHA verifications
D) By modifying DNS settings
Answer: A) By logging temporary one-time passwords (OTP)
Explanation: Keyloggers can capture OTPs if users enter them via the keyboard, allowing attackers to bypass 2FA security.
69. What type of spyware is used to monitor network activity?
A) Network sniffer
B) Adware
C) Rootkit spyware
D) Trojan spyware
Answer: A) Network sniffer
Explanation: Network sniffers analyze and capture network traffic, potentially extracting sensitive information like passwords.
70. What is the purpose of a keylogger installed in a cyber-espionage campaign?
A) To collect sensitive government or corporate data
B) To create fake social media accounts
C) To encrypt files and demand ransom
D) To spread across multiple devices via USB
Answer: A) To collect sensitive government or corporate data
Explanation: Cyber-espionage campaigns use keyloggers to stealthily collect confidential information over time.
71. What is an effective method to detect hidden spyware?
A) Using endpoint detection and response (EDR) software
B) Increasing the screen brightness
C) Disabling Bluetooth
D) Using a proxy server
Answer: A) Using endpoint detection and response (EDR) software
Explanation: EDR solutions continuously monitor system activities to detect and remove spyware.
72. Which programming technique allows spyware to hide its presence?
A) Code obfuscation
B) File compression
C) HTTP tunneling
D) Packet fragmentation
Answer: A) Code obfuscation
Explanation: Code obfuscation makes spyware more difficult to detect by altering its code structure.
73. How do attackers use spyware to steal cryptocurrency?
A) Clipboard hijacking to replace wallet addresses
B) Sending ransomware emails
C) Blocking antivirus updates
D) Encrypting files
Answer: A) Clipboard hijacking to replace wallet addresses
Explanation: Spyware can monitor clipboard activity and replace cryptocurrency wallet addresses with those controlled by the attacker.
74. What is a keylogging attack that records audio signals of keystrokes?
A) Acoustic keylogging
B) Spectral analysis attack
C) Silent mode attack
D) Echo-based logging
Answer: A) Acoustic keylogging
Explanation: Acoustic keyloggers analyze the sound of keystrokes to determine what a user is typing.
75. How do spyware programs avoid detection by antivirus software?
A) By operating in kernel mode
B) By modifying registry keys
C) By encrypting their code
D) All of the above
Answer: D) All of the above
Explanation: Spyware uses multiple techniques, including operating in kernel mode, modifying registry keys, and encrypting its code, to evade detection.
76. What type of spyware specifically targets government officials and activists?
A) Advanced Persistent Threat (APT) spyware
B) Generic spyware
C) Advertising spyware
D) Screen recorder spyware
Answer: A) Advanced Persistent Threat (APT) spyware
Explanation: APT spyware is designed for targeted surveillance, often used against high-profile individuals.
77. What is a sign that a smartphone is infected with spyware?
A) Increased battery drain
B) High data usage
C) Random device overheating
D) All of the above
Answer: D) All of the above
Explanation: Spyware running in the background consumes battery, increases data usage, and causes overheating.
78. How do attackers distribute spyware through fake apps?
A) By disguising spyware as legitimate apps
B) By infecting physical USB devices
C) By launching brute force attacks
D) By sending large amounts of spam emails
Answer: A) By disguising spyware as legitimate apps
Explanation: Attackers embed spyware in fake apps, tricking users into installing malicious software.
79. What tool is used to detect and remove rootkit-based spyware?
A) GMER
B) Disk Defragmenter
C) Task Scheduler
D) MS Paint
Answer: A) GMER
Explanation: GMER is a specialized anti-rootkit tool used to detect and remove hidden spyware.
80. What is one of the primary goals of spyware used in targeted surveillance?
A) Tracking user locations and communications
B) Spamming the user with ads
C) Stealing Wi-Fi passwords
D) Slowing down internet speed
Answer: A) Tracking user locations and communications
Explanation: Spyware used in surveillance collects information about user locations, messages, and calls.
81. What is a “keylogger-as-a-service” (KaaS)?
A) A cloud-based keylogging tool offered to attackers
B) A legal keylogging application
C) A keylogger that only works with wireless keyboards
D) A keylogger designed for ethical hacking
Answer: A) A cloud-based keylogging tool offered to attackers
Explanation: KaaS refers to keylogging tools sold as a service, where attackers can pay to access stolen credentials without deploying malware themselves.
82. What is a common sign of a hardware keylogger attached to a system?
A) An additional device plugged into the keyboard or USB port
B) Slower internet speed
C) An increase in screen brightness
D) System clock running slow
Answer: A) An additional device plugged into the keyboard or USB port
Explanation: Hardware keyloggers are often small devices placed between the keyboard and computer or connected via USB.
83. Which organization or entity is most likely to use spyware for national security purposes?
A) Cybercriminal gangs
B) Government intelligence agencies
C) Social media influencers
D) Online gaming communities
Answer: B) Government intelligence agencies
Explanation: Intelligence agencies use spyware for surveillance, espionage, and national security operations.
84. Which cybersecurity framework helps in preventing keylogger and spyware infections?
A) NIST Cybersecurity Framework
B) Agile Development Framework
C) Lean Six Sigma Framework
D) ISO 9001
Answer: A) NIST Cybersecurity Framework
Explanation: The NIST Cybersecurity Framework provides guidelines for improving security posture and preventing malware, including spyware.
85. What kind of spyware can record keystrokes even when using a virtual keyboard?
A) Screen recording spyware
B) Hardware-based keyloggers
C) Network sniffer spyware
D) Keylogging trojans
Answer: A) Screen recording spyware
Explanation: Screen recording spyware captures video or screenshots, allowing attackers to see virtual keyboard input.
86. What technique do keyloggers use to steal passwords from password managers?
A) Memory scraping
B) Sending phishing emails
C) Copying browser cookies
D) Changing browser fonts
Answer: A) Memory scraping
Explanation: Memory scraping extracts data from a computer's RAM, including decrypted passwords from password managers.
87. Which spyware feature allows an attacker to remotely enable a device’s microphone?
A) Audio spying
B) Key injection
C) DNS hijacking
D) Log file deletion
Answer: A) Audio spying
Explanation: Some spyware applications can remotely activate a device's microphone to listen to conversations.
88. Which user activity is most at risk from spyware?
A) Online banking and shopping
B) Watching YouTube videos
C) Playing offline games
D) Using an external hard drive
Answer: A) Online banking and shopping
Explanation: Spyware targets financial transactions to steal banking credentials and credit card details.
89. What is the primary function of rootkit-based spyware?
A) Hiding its presence from detection tools
B) Slowing down the operating system
C) Displaying pop-up ads
D) Automatically updating antivirus software
Answer: A) Hiding its presence from detection tools
Explanation: Rootkit spyware modifies system files and processes to remain undetected by security tools.
90. What happens if a user installs a keylogger-infected fake software update?
A) The keylogger starts recording keystrokes
B) The system automatically fixes security vulnerabilities
C) The browser speed increases
D) The computer becomes immune to keyloggers
Answer: A) The keylogger starts recording keystrokes
Explanation: Fake software updates can install malware, including keyloggers, to capture sensitive user data.
91. How do attackers use spyware to bypass biometric authentication?
A) By capturing screen activity when the user logs in
B) By stealing browser cookies
C) By slowing down the operating system
D) By modifying keyboard shortcuts
Answer: A) By capturing screen activity when the user logs in
Explanation: Spyware can take screenshots or record video to capture biometric login patterns.
92. What is an effective countermeasure against hardware keyloggers?
A) Physically inspecting keyboards and USB ports
B) Using a stronger Wi-Fi password
C) Running a VPN
D) Increasing screen brightness
Answer: A) Physically inspecting keyboards and USB ports
Explanation: Hardware keyloggers must be physically removed, so manual inspection is the best defense.
93. How do attackers use cross-site scripting (XSS) to deploy keyloggers?
A) By injecting malicious JavaScript to capture keystrokes
B) By modifying firewall settings
C) By redirecting users to antivirus websites
D) By changing a user’s Wi-Fi password
Answer: A) By injecting malicious JavaScript to capture keystrokes
Explanation: XSS attacks inject JavaScript into web pages to record keystrokes entered by victims.
94. What is the primary reason spyware remains undetected for long periods?
A) It operates stealthily in the background
B) It disables the computer screen
C) It corrupts system files instantly
D) It prevents users from downloading software
Answer: A) It operates stealthily in the background
Explanation: Spyware is designed to run covertly, collecting data without alerting the victim.
95. What is a key method for preventing spyware infections?
A) Avoiding clicking on unknown links and attachments
B) Keeping the system in airplane mode
C) Reducing screen brightness
D) Changing wallpaper frequently
Answer: A) Avoiding clicking on unknown links and attachments
Explanation: Most spyware infections occur via malicious links, email attachments, and unverified downloads.
96. How does spyware use fake antivirus alerts?
A) By tricking users into downloading more malware
B) By fixing legitimate security threats
C) By updating system drivers
D) By increasing storage space
Answer: A) By tricking users into downloading more malware
Explanation: Fake antivirus alerts often trick users into installing spyware disguised as security software.
97. What is one way organizations protect against keyloggers?
A) Enforcing endpoint security policies
B) Using default passwords
C) Sharing login credentials
D) Disabling Wi-Fi
Answer: A) Enforcing endpoint security policies
Explanation: Strong endpoint security, such as anti-malware tools and behavioral monitoring, helps prevent keylogger infections.
98. What is the role of encryption in protecting against keyloggers?
A) Encrypting keystrokes prevents them from being logged in plaintext
B) It removes spyware from the system
C) It disables network activity
D) It clears browsing history
Answer: A) Encrypting keystrokes prevents them from being logged in plaintext
Explanation: Some security tools encrypt keystrokes, making them unreadable to keyloggers.
99. What type of spyware modifies search engine results?
A) Browser hijackers
B) Rootkits
C) Trojan keyloggers
D) Adware
Answer: A) Browser hijackers
Explanation: Browser hijackers redirect users to malicious search engines and track browsing behavior.
100. What can be used to detect spyware that modifies system processes?
A) Process Explorer
B) Calculator
C) Notepad
D) Disk Cleanup
Answer: A) Process Explorer
Explanation: Process Explorer (from Microsoft Sysinternals) helps identify suspicious processes running in the background.
101. How does spyware bypass traditional antivirus detection?
A) By encrypting itself and changing signatures
B) By running only on Linux systems
C) By automatically removing itself after infection
D) By slowing down network traffic
Answer: A) By encrypting itself and changing signatures
Explanation: Many spyware programs use encryption and polymorphic techniques to change their code dynamically, making signature-based detection difficult.
102. What is a deceptive method used by spyware to gain access to a system?
A) Social engineering tactics
B) Overclocking the processor
C) Reducing system RAM usage
D) Preventing software updates
Answer: A) Social engineering tactics
Explanation: Spyware often disguises itself as legitimate software or uses phishing tactics to trick users into installation.
103. Which of the following is an advanced spyware persistence mechanism?
A) Modifying boot sectors
B) Running as a temporary process
C) Creating multiple user accounts
D) Sending a single email
Answer: A) Modifying boot sectors
Explanation: Some advanced spyware modifies the Master Boot Record (MBR) or boot sectors to maintain persistence even after system reboots.
104. How does fileless spyware operate differently from traditional spyware?
A) It resides in system memory instead of being stored as a file
B) It infects only specific document types
C) It requires administrator access to function
D) It can only operate with an internet connection
Answer: A) It resides in system memory instead of being stored as a file
Explanation: Fileless spyware operates entirely in RAM, making it harder to detect since it doesn’t leave a footprint on disk.
105. Which attack involves intercepting wireless keyboard signals to steal keystrokes?
A) KeySniffer attack
B) Key Injection attack
C) DNS Spoofing
D) Bluetooth hijacking
Answer: A) KeySniffer attack
Explanation: KeySniffer attacks exploit weak encryption in wireless keyboards, allowing attackers to capture keystrokes remotely.
106. What is a key reason why businesses are major targets for spyware?
A) They have valuable intellectual property and financial data
B) They frequently change passwords
C) They use secure software for protection
D) They do not use social media
Answer: A) They have valuable intellectual property and financial data
Explanation: Businesses are targeted because spyware can steal trade secrets, financial records, and customer data, leading to corporate espionage.
107. What kind of spyware infects web browsers to steal stored passwords?
A) Password dumpers
B) Adware
C) Packet sniffers
D) Ransomware
Answer: A) Password dumpers
Explanation: Password dumpers extract stored credentials from web browsers, allowing attackers to steal login information.
108. What is the purpose of a keystroke obfuscation tool?
A) To protect keystrokes from keyloggers
B) To speed up typing speed
C) To encrypt files on the system
D) To increase network security
Answer: A) To protect keystrokes from keyloggers
Explanation: Keystroke obfuscation tools randomize keystrokes or encrypt them to prevent keyloggers from capturing sensitive information.
109. How does spyware typically communicate with attackers?
A) Command and Control (C2) servers
B) Encrypted PDFs
C) Bluetooth connections
D) Local file storage
Answer: A) Command and Control (C2) servers
Explanation: Spyware often sends stolen data to remote C2 servers, where attackers can collect and analyze the information.
110. What type of spyware uses a fake email login page to steal credentials?
A) Phishing spyware
B) Screen capture spyware
C) DNS hijacker
D) System optimizer spyware
Answer: A) Phishing spyware
Explanation: Phishing spyware tricks users into entering credentials on fake login pages, capturing login details for attackers.
111. Which of the following can help detect a keylogger running on a system?
A) Monitoring unusual CPU usage
B) Increasing internet speed
C) Restarting the computer frequently
D) Using a dark mode theme
Answer: A) Monitoring unusual CPU usage
Explanation: Some keyloggers increase CPU or memory usage as they log and send keystrokes to attackers.
112. What is an advanced feature of AI-powered spyware?
A) Analyzing user behavior to steal more valuable data
B) Increasing internet download speed
C) Encrypting system files
D) Creating fake antivirus alerts
Answer: A) Analyzing user behavior to steal more valuable data
Explanation: AI-powered spyware can monitor user habits and adjust its tactics to extract high-value information.
113. What is a common way spyware exfiltrates stolen data?
A) Sending data via encrypted HTTP or HTTPS requests
B) Displaying stolen data on the victim’s screen
C) Printing the data to a local printer
D) Removing all system logs
Answer: A) Sending data via encrypted HTTP or HTTPS requests
Explanation: Most spyware uploads stolen data through encrypted web requests, making it difficult to detect.
114. What is an effective defense against mobile spyware?
A) Only installing apps from trusted sources
B) Using multiple SIM cards
C) Turning off airplane mode
D) Disabling phone vibrations
Answer: A) Only installing apps from trusted sources
Explanation: Many spyware infections occur via unverified app downloads, so only installing trusted apps reduces the risk.
115. What does spyware use “session hijacking” for?
A) To take over an active login session without needing credentials
B) To send automatic security updates
C) To disable firewall protections
D) To create random user accounts
Answer: A) To take over an active login session without needing credentials
Explanation: Session hijacking allows spyware to steal an active session token, bypassing the need for passwords.
116. Which modern cybersecurity tool helps in detecting unknown spyware?
A) Behavioral analysis tools
B) Task Scheduler
C) Disk Cleanup
D) Notepad++
Answer: A) Behavioral analysis tools
Explanation: Behavioral analysis detects spyware based on suspicious actions, even if the spyware is unknown.
117. How does spyware avoid network-based detection?
A) Using encrypted communication channels
B) Sending large amounts of traffic at once
C) Disabling antivirus software
D) Modifying web browser themes
Answer: A) Using encrypted communication channels
Explanation: Spyware encrypts its outbound data to avoid detection by network monitoring tools.
118. What is a key difference between spyware and stalkerware?
A) Stalkerware is often installed by individuals known to the victim
B) Spyware only affects businesses
C) Spyware cannot steal keystrokes
D) Stalkerware can only be installed remotely
Answer: A) Stalkerware is often installed by individuals known to the victim
Explanation: Stalkerware is a subset of spyware used to monitor specific individuals, often installed by someone known to the victim.
119. What is a major concern of spyware targeting IoT devices?
A) It can be used to spy through smart cameras and microphones
B) It slows down mobile applications
C) It disables software updates
D) It blocks network ports
Answer: A) It can be used to spy through smart cameras and microphones
Explanation: IoT spyware can monitor smart cameras, microphones, and home devices, posing a serious privacy risk.
120. What is a common way attackers distribute spyware through instant messaging apps?
A) Sending malicious file attachments
B) Encrypting all chat messages
C) Blocking internet access
D) Disabling all notifications
Answer: A) Sending malicious file attachments
Explanation: Attackers send infected files via instant messaging apps, tricking users into installing spyware.
121. How does a keylogger capture keystrokes on a virtual machine?
A) By exploiting the clipboard sharing feature
B) By modifying virtual machine configuration files
C) By using a Bluetooth interception attack
D) By overloading CPU usage
Answer: A) By exploiting the clipboard sharing feature
Explanation: Some keyloggers can capture data copied and pasted between the host machine and virtual machine through clipboard sharing.
122. What is a “browser exploit keylogger”?
A) A keylogger that exploits browser vulnerabilities to capture input
B) A keylogger that modifies system BIOS settings
C) A keylogger embedded in a firewall update
D) A keylogger that operates without an internet connection
Answer: A) A keylogger that exploits browser vulnerabilities to capture input
Explanation: Some keyloggers exploit security flaws in web browsers to log sensitive information entered into forms.
123. What is the primary goal of spyware used in corporate espionage?
A) To steal trade secrets and financial data
B) To increase software efficiency
C) To reduce network latency
D) To provide system updates
Answer: A) To steal trade secrets and financial data
Explanation: Corporate espionage spyware is designed to steal confidential business data to gain a competitive advantage.
124. How does mobile spyware remain hidden from users?
A) By operating in stealth mode without app icons
B) By displaying continuous notifications
C) By asking users to manually restart the phone
D) By removing all installed applications
Answer: A) By operating in stealth mode without app icons
Explanation: Many spyware applications hide their presence by removing their app icons and running as background processes.
125. What is a common delivery method for spyware targeting macOS?
A) Fake software updates and trojanized applications
B) Drive-by downloads only
C) Only through USB infections
D) Only through phishing emails
Answer: A) Fake software updates and trojanized applications
Explanation: Attackers often disguise spyware as fake macOS updates or legitimate applications to trick users into installation.
126. What type of keylogger records user activity by analyzing screen reflections?
A) Optical keylogger
B) Acoustic keylogger
C) RAM scraping keylogger
D) Rootkit keylogger
Answer: A) Optical keylogger
Explanation: Optical keyloggers use camera-based techniques to analyze screen reflections and infer keystrokes.
127. How do keyloggers evade detection in highly secure environments?
A) By injecting themselves into trusted system processes
B) By displaying security alerts
C) By disabling internet access
D) By sending encrypted logs every hour
Answer: A) By injecting themselves into trusted system processes
Explanation: Some advanced keyloggers inject themselves into legitimate system processes (e.g., explorer.exe) to avoid detection.
128. Which type of spyware specifically tracks location data?
A) GPS spyware
B) Clipboard logger
C) Ransomware
D) Network sniffer
Answer: A) GPS spyware
Explanation: GPS spyware collects real-time location data, making it useful for tracking individuals without their consent.
129. What is a major security risk associated with spyware-infected IoT devices?
A) Unauthorized access to smart home systems
B) Increased CPU temperature
C) Faster internet connectivity
D) Higher battery efficiency
Answer: A) Unauthorized access to smart home systems
Explanation: Spyware-infected IoT devices can allow attackers to gain control over smart locks, security cameras, and other connected devices.
130. Which advanced spyware technique captures encrypted HTTPS credentials?
A) Form grabbing
B) Network flooding
C) DNS hijacking
D) Drive-by downloads
Answer: A) Form grabbing
Explanation: Form grabbing spyware intercepts credentials before encryption, making it highly effective against HTTPS-protected sites.
131. What is a sign of keylogger infection in an enterprise network?
A) Unusual outbound traffic to unknown IP addresses
B) Reduced keyboard response speed
C) Frequent system restarts
D) Increased battery life
Answer: A) Unusual outbound traffic to unknown IP addresses
Explanation: Keyloggers often send captured keystrokes to remote servers, leading to suspicious outbound traffic.
132. How can keyloggers be used to bypass security questions?
A) By recording the user’s keystrokes when answering them
B) By corrupting browser settings
C) By modifying firewall configurations
D) By injecting malicious fonts into the system
Answer: A) By recording the user’s keystrokes when answering them
Explanation: Keyloggers capture everything typed, including answers to security questions, allowing attackers to reset passwords.
133. What is an effective way to prevent hardware keylogger attacks?
A) Using on-screen keyboards for entering sensitive data
B) Updating operating systems regularly
C) Using dark mode themes
D) Increasing system RAM
Answer: A) Using on-screen keyboards for entering sensitive data
Explanation: On-screen keyboards prevent hardware keyloggers from capturing typed input.
134. What is the main danger of stalkerware?
A) It is used to spy on individuals without their consent
B) It encrypts all system files
C) It only affects large businesses
D) It prevents users from logging into social media
Answer: A) It is used to spy on individuals without their consent
Explanation: Stalkerware is a type of spyware designed to track individuals by monitoring their messages, calls, and location.
135. Which device component is most commonly exploited by spyware?
A) Microphone and camera
B) Graphics card
C) Cooling fan
D) DVD drive
Answer: A) Microphone and camera
Explanation: Spyware often remotely activates a device’s microphone and camera to record conversations and surroundings.
136. How can anti-keylogger software protect against keylogging attacks?
A) By encrypting keystrokes before they are sent to applications
B) By reducing system performance
C) By creating duplicate keystrokes
D) By modifying browser themes
Answer: A) By encrypting keystrokes before they are sent to applications
Explanation: Anti-keylogger tools encrypt keystrokes so that even if they are captured, they appear as unreadable data.
137. How does spyware disguise itself in phishing emails?
A) By appearing as a legitimate attachment or link
B) By modifying screen resolution
C) By increasing CPU speed
D) By displaying an antivirus warning
Answer: A) By appearing as a legitimate attachment or link
Explanation: Phishing emails often contain spyware disguised as legitimate attachments or links, tricking users into downloading malware.
138. What is an effective method for detecting spyware manually?
A) Checking for unknown processes in Task Manager
B) Lowering screen brightness
C) Switching to airplane mode
D) Using a different keyboard layout
Answer: A) Checking for unknown processes in Task Manager
Explanation: Many spyware programs run as hidden background processes, which can be found in Task Manager or Process Explorer.
139. What is the purpose of a “session replay spyware”?
A) To record and replay user actions on a website
B) To delete all user accounts automatically
C) To block keystrokes from being logged
D) To modify Wi-Fi network settings
Answer: A) To record and replay user actions on a website
Explanation: Session replay spyware records everything a user does on a webpage, including mouse movements, clicks, and typed text.
140. How can network monitoring tools help detect spyware?
A) By identifying unusual data transmissions to unknown destinations
B) By increasing download speed
C) By modifying VPN settings
D) By reducing system RAM usage
Answer: A) By identifying unusual data transmissions to unknown destinations
Explanation: Spyware often sends stolen data to external servers, which can be detected through network monitoring tools.
141. What is an effective way to prevent spyware from accessing your webcam?
A) Using a physical webcam cover
B) Disabling the firewall
C) Keeping the webcam turned on at all times
D) Lowering the screen brightness
Answer: A) Using a physical webcam cover
Explanation: Some spyware can remotely activate webcams, so physical covers provide an extra layer of protection.
142. What is a “malvertising” spyware attack?
A) A spyware infection spread through malicious online ads
B) A type of spyware that removes advertisements
C) A security tool that protects against malware
D) A form of ransomware that encrypts ad networks
Answer: A) A spyware infection spread through malicious online ads
Explanation: Malvertising (malicious advertising) delivers spyware through infected advertisements displayed on legitimate websites.
143. What is a primary risk of spyware that operates as a browser extension?
A) It can track browsing history and steal login credentials
B) It can increase CPU performance
C) It can speed up browser caching
D) It improves ad-blocking capabilities
Answer: A) It can track browsing history and steal login credentials
Explanation: Malicious browser extensions can log keystrokes, steal saved passwords, and monitor browsing activity.
144. How do attackers use Remote Desktop Protocol (RDP) to install spyware?
A) By brute-forcing weak RDP credentials
B) By modifying hardware components
C) By using fingerprint scanning
D) By disabling antivirus software remotely
Answer: A) By brute-forcing weak RDP credentials
Explanation: Attackers use RDP brute-force attacks to gain access to systems and install spyware remotely.
145. Which of the following is a sign that a mobile device is infected with spyware?
A) Sudden battery drainage and overheating
B) Faster internet speeds
C) Improved security features
D) Increased free storage
Answer: A) Sudden battery drainage and overheating
Explanation: Mobile spyware runs in the background, causing excessive battery usage and device overheating.
146. How does “DNS hijacking spyware” operate?
A) It redirects users to malicious websites by altering DNS settings
B) It deletes all saved passwords from a browser
C) It corrupts the BIOS of the system
D) It changes the keyboard layout
Answer: A) It redirects users to malicious websites by altering DNS settings
Explanation: DNS hijacking spyware modifies DNS settings to redirect users to fake websites, often to steal credentials.
147. How does “USB keylogger spyware” work?
A) It captures keystrokes by plugging into a USB port
B) It encrypts all USB data
C) It prevents unauthorized USB connections
D) It blocks all keyboard input
Answer: A) It captures keystrokes by plugging into a USB port
Explanation: USB keyloggers are hardware devices that record every keystroke by connecting between the keyboard and the computer.
148. What type of spyware is designed to steal cryptocurrency wallets?
A) Clipboard hijacker
B) File encryption spyware
C) Screen freezing malware
D) Mouse-tracking adware
Answer: A) Clipboard hijacker
Explanation: Clipboard hijackers monitor clipboard activity and replace copied cryptocurrency addresses with attacker-controlled ones.
149. What is a common delivery method for spyware in phishing attacks?
A) Malicious email attachments
B) Secured cloud storage
C) Password-protected antivirus updates
D) Wi-Fi signal interference
Answer: A) Malicious email attachments
Explanation: Many phishing attacks deliver spyware via email attachments disguised as legitimate documents.
150. What is a “multi-stage spyware attack”?
A) A spyware attack that installs additional malware in phases
B) A single-stage spyware attack that operates immediately
C) A spyware infection that disappears after rebooting
D) A spyware attack that only targets gaming consoles
Answer: A) A spyware attack that installs additional malware in phases
Explanation: Multi-stage spyware attacks deploy spyware in multiple stages, making detection and removal harder.
151. How does spyware avoid detection by antivirus software?
A) By using obfuscation and polymorphic techniques
B) By displaying fake security warnings
C) By increasing RAM storage
D) By switching to incognito mode
Answer: A) By using obfuscation and polymorphic techniques
Explanation: Polymorphic spyware changes its code structure frequently, making it harder for antivirus software to detect.
152. What is an effective security measure to prevent spyware infection?
A) Regularly updating operating systems and security software
B) Avoiding VPN usage
C) Installing multiple unknown browser extensions
D) Ignoring software updates
Answer: A) Regularly updating operating systems and security software
Explanation: Security updates patch vulnerabilities that spyware can exploit, reducing infection risks.
153. What type of spyware records touchscreen gestures on mobile devices?
A) Screen recording spyware
B) Packet sniffing spyware
C) Rootkit spyware
D) Session hijacking spyware
Answer: A) Screen recording spyware
Explanation: Some spyware records touchscreen activity, capturing login credentials and other sensitive information.
154. Why do attackers use “zero-day spyware”?
A) To exploit unknown software vulnerabilities before patches are released
B) To target outdated operating systems only
C) To infect computers using USB drives
D) To perform hardware repairs remotely
Answer: A) To exploit unknown software vulnerabilities before patches are released
Explanation: Zero-day spyware targets unpatched software vulnerabilities, allowing attackers to exploit them before they are fixed.
155. What is a “sandbox-aware spyware”?
A) A spyware that detects if it is running in a virtual sandbox
B) A spyware that targets online gaming sandboxes
C) A spyware that only works in corporate environments
D) A spyware that can only be detected by AI
Answer: A) A spyware that detects if it is running in a virtual sandbox
Explanation: Sandbox-aware spyware can detect security sandboxes and stop execution to avoid detection.
156. What technique is commonly used by spyware to extract saved browser passwords?
A) Memory scraping
B) DNS tunneling
C) Webcam hijacking
D) Remote desktop manipulation
Answer: A) Memory scraping
Explanation: Memory scraping spyware extracts decrypted passwords from browser memory, bypassing encryption protections.
157. How can spyware exploit Bluetooth connections?
A) By using Bluetooth sniffing to capture data
B) By increasing battery performance
C) By blocking network traffic
D) By encrypting all Bluetooth connections
Answer: A) By using Bluetooth sniffing to capture data
Explanation: Bluetooth spyware captures data sent over Bluetooth connections, such as file transfers and paired device activity.
158. What is a sign that spyware has been installed through a fake software update?
A) System crashes and slow performance
B) Increased internet speed
C) Enhanced firewall protection
D) Improved system security
Answer: A) System crashes and slow performance
Explanation: Fake software updates often contain spyware, leading to slow performance, crashes, and unauthorized data collection.
159. What is a common attack vector for spyware in corporate networks?
A) Compromised remote desktop sessions
B) Regular firewall updates
C) Secure password management
D) Using official software repositories
Answer: A) Compromised remote desktop sessions
Explanation: Attackers exploit weak remote desktop security to install spyware on corporate systems.
160. How does spyware abuse cloud storage services?
A) By using them to store and exfiltrate stolen data
B) By securing user accounts
C) By blocking unauthorized access
D) By improving cloud performance
Answer: A) By using them to store and exfiltrate stolen data
Explanation: Spyware can upload stolen information to attacker-controlled cloud storage, making data theft harder to trace.
161. What type of keylogger is embedded inside a compromised keyboard?
A) Hardware-implanted keylogger
B) Rootkit-based keylogger
C) Browser extension keylogger
D) Adware-based keylogger
Answer: A) Hardware-implanted keylogger
Explanation: Hardware-implanted keyloggers are built inside keyboards and cannot be detected by software-based security tools.
162. What is “keystroke inference” in spyware attacks?
A) Predicting typed words based on typing patterns
B) Injecting random keystrokes into a document
C) Disabling a keyboard remotely
D) Encrypting all typed content
Answer: A) Predicting typed words based on typing patterns
Explanation: Keystroke inference uses AI and machine learning to predict words based on keystroke delays and typing behavior.
163. What does spyware often use to hide its network activity?
A) Encrypted tunnels (e.g., HTTPS, VPNs)
B) Unencrypted text files
C) Slowing down internet speeds
D) Changing Wi-Fi passwords
Answer: A) Encrypted tunnels (e.g., HTTPS, VPNs)
Explanation: Spyware frequently encrypts stolen data before sending it to attackers to avoid network detection.
164. How does “spyware persistence” work?
A) It ensures spyware remains active even after reboots
B) It speeds up browser performance
C) It prevents unauthorized application installation
D) It removes all security patches
Answer: A) It ensures spyware remains active even after reboots
Explanation: Spyware uses persistence techniques such as registry modifications, scheduled tasks, or bootloader infections to remain active.
165. What is the risk of using pirated software regarding spyware?
A) It may contain hidden spyware
B) It increases screen brightness
C) It blocks all other installed applications
D) It automatically updates itself
Answer: A) It may contain hidden spyware
Explanation: Many pirated software versions are trojanized with spyware, keyloggers, or other malware.
166. What is a “session hijacking spyware”?
A) Spyware that steals active login sessions
B) A tool for creating fake accounts
C) A spyware that modifies display settings
D) A spyware that only works offline
Answer: A) Spyware that steals active login sessions
Explanation: Session hijacking spyware captures and reuses authentication tokens, allowing attackers to bypass passwords.
167. What is a “fileless keylogger”?
A) A keylogger that operates in memory without leaving files on disk
B) A keylogger embedded in USB drives
C) A keylogger that encrypts keystrokes
D) A keylogger that self-deletes after execution
Answer: A) A keylogger that operates in memory without leaving files on disk
Explanation: Fileless keyloggers run entirely in RAM, making them harder to detect.
168. Which type of spyware modifies browser security settings to disable warnings?
A) Browser hijacker spyware
B) Ransomware
C) Key injection spyware
D) Clipboard tracking spyware
Answer: A) Browser hijacker spyware
Explanation: Browser hijacker spyware modifies browser settings to disable security alerts and redirect users to malicious sites.
169. What is an “invisible keylogger”?
A) A keylogger that runs without appearing in process lists
B) A keylogger disguised as a keyboard shortcut
C) A keylogger that operates only in safe mode
D) A keylogger that only logs browser history
Answer: A) A keylogger that runs without appearing in process lists
Explanation: Invisible keyloggers use stealth techniques to avoid appearing in Task Manager or process lists.
170. What kind of spyware can record voice conversations?
A) Audio surveillance spyware
B) Adware
C) Form-grabbing spyware
D) DNS tunneling spyware
Answer: A) Audio surveillance spyware
Explanation: Audio surveillance spyware activates microphones remotely to record conversations.
171. What does spyware use to collect information without user interaction?
A) Keylogging, screen capturing, and clipboard monitoring
B) Pop-up ads only
C) Video acceleration tools
D) Password managers
Answer: A) Keylogging, screen capturing, and clipboard monitoring
Explanation: Spyware collects sensitive information by logging keystrokes, taking screenshots, and monitoring clipboard activity.
172. What is a “Trojan spyware”?
A) A spyware disguised as legitimate software
B) A spyware that disables hardware components
C) A spyware that spreads via Bluetooth only
D) A spyware that requires two-factor authentication to function
Answer: A) A spyware disguised as legitimate software
Explanation: Trojan spyware pretends to be legitimate software while secretly stealing data.
173. What is a “cloud-based keylogger”?
A) A keylogger that sends keystrokes to an attacker-controlled cloud storage
B) A keylogger that encrypts user data
C) A keylogger that deletes all system files
D) A keylogger that works offline
Answer: A) A keylogger that sends keystrokes to an attacker-controlled cloud storage
Explanation: Cloud-based keyloggers send captured keystrokes directly to cloud storage accounts controlled by attackers.
174. What is the purpose of a spyware “dead drop” technique?
A) To store stolen data locally before transmitting it later
B) To delete all saved credentials from a system
C) To increase network speed
D) To create random login credentials
Answer: A) To store stolen data locally before transmitting it later
Explanation: Dead drop techniques allow spyware to store data locally and send it in small bursts to avoid detection.
175. How does spyware bypass security updates?
A) By blocking system updates or modifying system policies
B) By increasing update frequency
C) By encrypting all network traffic
D) By disabling antivirus notifications
Answer: A) By blocking system updates or modifying system policies
Explanation: Some spyware prevents system updates to avoid detection and maintain persistence.
176. What is a spyware “dropper”?
A) A small program that installs spyware on a device
B) A spyware that removes itself after a reboot
C) A spyware that encrypts passwords only
D) A spyware that cannot function without admin privileges
Answer: A) A small program that installs spyware on a device
Explanation: Spyware droppers deliver and install spyware payloads without detection.
177. What is a primary risk of spyware targeting social media accounts?
A) Identity theft and social engineering attacks
B) Faster login times
C) Increased post engagement
D) Higher password security
Answer: A) Identity theft and social engineering attacks
Explanation: Spyware targeting social media accounts can lead to identity theft, fake posts, and fraud.
178. What is a “click-based keylogger”?
A) A keylogger that records mouse clicks and movements
B) A keylogger that activates when a user presses Enter
C) A keylogger that only works on mobile devices
D) A keylogger that logs only special characters
Answer: A) A keylogger that records mouse clicks and movements
Explanation: Click-based keyloggers monitor mouse movements and clicks to infer user actions.
179. Why do some keyloggers disable virtual keyboards?
A) To force users to type passwords normally
B) To speed up system performance
C) To increase browser caching
D) To improve user experience
Answer: A) To force users to type passwords normally
Explanation: Some keyloggers disable virtual keyboards to ensure users enter sensitive data via physical keyboards.
180. What type of spyware alters system logs to avoid detection?
A) Log-clearing spyware
B) Adware
C) Cookie-tracking spyware
D) Keylogger malware
Answer: A) Log-clearing spyware
Explanation: Log-clearing spyware modifies or deletes security logs to cover its tracks.
181. How do attackers use “keystroke injection” in keylogger attacks?
A) By sending fake keystrokes to manipulate input
B) By modifying a device's Wi-Fi settings
C) By disabling all keyboard shortcuts
D) By forcing users to restart their computers
Answer: A) By sending fake keystrokes to manipulate input
Explanation: Keystroke injection allows attackers to send unauthorized keystrokes to a system, often used for privilege escalation.
182. What is an effective way to protect against keylogger infections?
A) Using multi-factor authentication (MFA)
B) Keeping the keyboard unplugged
C) Using incognito mode in browsers
D) Changing wallpaper frequently
Answer: A) Using multi-factor authentication (MFA)
Explanation: MFA provides an additional security layer, making it harder for attackers to misuse stolen credentials.
183. How do attackers use “JavaScript keyloggers”?
A) By embedding malicious scripts into web pages to capture typed data
B) By modifying system BIOS settings
C) By creating fake antivirus warnings
D) By changing a user's internet speed
Answer: A) By embedding malicious scripts into web pages to capture typed data
Explanation: JavaScript-based keyloggers can capture input directly from web forms before encryption.
184. How can spyware be embedded in mobile apps?
A) By adding malicious code into repackaged apps
B) By modifying VPN configurations
C) By using Bluetooth connections only
D) By preventing screen lock features
Answer: A) By adding malicious code into repackaged apps
Explanation: Attackers often repackage legitimate apps with spyware and distribute them outside of official app stores.
185. What type of keylogger uses microphone signals to capture keystrokes?
A) Acoustic keylogger
B) USB-based keylogger
C) Memory-resident keylogger
D) Screenshot keylogger
Answer: A) Acoustic keylogger
Explanation: Acoustic keyloggers analyze sound waves from keystrokes to determine what a user is typing.
186. What is a “trojanized keylogger”?
A) A keylogger disguised as legitimate software
B) A keylogger that self-destructs after use
C) A keylogger that only works with touchscreen devices
D) A keylogger embedded in email headers
Answer: A) A keylogger disguised as legitimate software
Explanation: Trojanized keyloggers often appear as normal programs but secretly record keystrokes.
187. What does spyware use “screen overlay attacks” for?
A) To capture user input by placing an invisible layer over legitimate apps
B) To modify operating system security policies
C) To disable system firewalls
D) To generate fake system alerts
Answer: A) To capture user input by placing an invisible layer over legitimate apps
Explanation: Screen overlay attacks allow spyware to steal user input by mimicking real login pages.
188. How do attackers use “spyware-as-a-service” (SaaS)?
A) By selling pre-built spyware tools to cybercriminals
B) By blocking unauthorized spyware usage
C) By encrypting all internet traffic
D) By providing spyware removal services
Answer: A) By selling pre-built spyware tools to cybercriminals
Explanation: Spyware-as-a-service (SaaS) platforms offer ready-made spyware for hackers with minimal technical knowledge.
189. What is a “virtual keyboard logger”?
A) A spyware that captures on-screen keyboard inputs
B) A tool that blocks keylogging attempts
C) A software used to generate strong passwords
D) A keylogger that modifies browser cache
Answer: A) A spyware that captures on-screen keyboard inputs
Explanation: Virtual keyboard loggers capture touch-based or mouse-based inputs from on-screen keyboards.
190. What is a key feature of “modular spyware”?
A) It can download additional malicious components after infection
B) It only targets outdated systems
C) It operates only when the user is offline
D) It forces the user to reset their device
Answer: A) It can download additional malicious components after infection
Explanation: Modular spyware allows attackers to install additional functionalities remotely.
191. What method do hackers use to install spyware via fake system updates?
A) Man-in-the-middle (MITM) attacks
B) Bluetooth jamming
C) Firewall bypassing
D) Cookie tracking
Answer: A) Man-in-the-middle (MITM) attacks
Explanation: In MITM attacks, attackers intercept software updates and inject spyware into them.
192. What is an advanced spyware technique that replaces legitimate system files?
A) File injection
B) Network tunneling
C) Browser cache poisoning
D) Traffic redirection
Answer: A) File injection
Explanation: File injection spyware replaces system files to ensure persistence and avoid detection.
193. How does spyware manipulate search engine results?
A) By injecting rogue search results and redirects
B) By increasing internet browsing speed
C) By disabling browser cache storage
D) By modifying RAM allocation
Answer: A) By injecting rogue search results and redirects
Explanation: Some spyware modifies browser search results to direct users to malicious websites.
194. What is the main goal of spyware targeting industrial control systems (ICS)?
A) Espionage and sabotage
B) Improving energy efficiency
C) Increasing processing power
D) Updating firmware automatically
Answer: A) Espionage and sabotage
Explanation: Spyware targeting ICS environments is often used for cyber espionage or industrial sabotage.
195. What is an “HTTP keylogger”?
A) A keylogger that sends captured keystrokes via HTTP requests
B) A keylogger that modifies browser themes
C) A keylogger that only records login attempts
D) A keylogger that requires administrator privileges to run
Answer: A) A keylogger that sends captured keystrokes via HTTP requests
Explanation: HTTP keyloggers use unencrypted web requests to send stolen data to attacker-controlled servers.
196. How does spyware evade detection by behavioral analysis tools?
A) By mimicking legitimate application behavior
B) By increasing CPU fan speed
C) By modifying screen brightness
D) By forcing users to restart their computer
Answer: A) By mimicking legitimate application behavior
Explanation: Some spyware imitates normal application behavior to bypass behavior-based detection tools.
197. What is a “registry-based keylogger”?
A) A keylogger that stores keystroke logs in the Windows registry
B) A keylogger that only records system errors
C) A keylogger that blocks user input
D) A keylogger that operates exclusively on Linux
Answer: A) A keylogger that stores keystroke logs in the Windows registry
Explanation: Registry-based keyloggers hide stolen keystrokes in Windows registry keys to avoid detection.
198. What is a “self-destructing spyware”?
A) Spyware that deletes itself after transmitting stolen data
B) Spyware that cannot be uninstalled
C) Spyware that only operates in virtual machines
D) Spyware that modifies keyboard layouts
Answer: A) Spyware that deletes itself after transmitting stolen data
Explanation: Self-destructing spyware removes itself to avoid forensic analysis after completing its mission.
199. How do attackers use “session replay spyware”?
A) By recording user actions on a webpage for later analysis
B) By encrypting system logs
C) By modifying user account credentials
D) By disabling VPN connections
Answer: A) By recording user actions on a webpage for later analysis
Explanation: Session replay spyware captures mouse movements, clicks, and keyboard inputs to analyze user behavior.
200. What is an effective way to detect spyware infections manually?
A) Checking for suspicious network activity
B) Increasing system brightness
C) Deleting browser cookies
D) Using a custom mouse pointer
Answer: A) Checking for suspicious network activity
Explanation: Spyware often communicates with remote servers, making network activity monitoring a valuable detection method.