220-1102 Practice Question: A user receives an email with an attachment named…

Answer choices

Why each option matters

Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.

Answer analysis

Why the other options are wrong

Understanding why incorrect options are tempting is as important as knowing the correct answer.

• ✗

  Worm

  A worm spreads automatically across networks without needing a host file or user interaction. The attack here requires the user to open an attachment, so it is not a worm.

• ✗

  Rootkit

  A rootkit is designed to conceal its presence and provide persistent privileged access. While a Trojan may install a rootkit, the initial infection vector described is the Trojan itself.

• ✗

  Ransomware

  Ransomware encrypts files and demands a ransom. The scenario only mentions downloading additional malware, not immediate file encryption, so this is not ransomware.

Technical deep dive

How to think about this question

The scenario describes a classic example of a Trojan horse. A Trojan horse is a type of malware that disguises itself as legitimate software or a harmless file to trick users into executing it. In this case, the file 'Invoice_2024.pdf.exe' is designed to appear as a PDF document, which is a common and generally safe file type, but its '.exe' extension reveals its true nature as an executable program. The user, likely misled by the 'pdf' part of the name and the context of an 'invoice,' opens the attachment, inadvertently running the malicious executable. Once executed, the Trojan then performs its hidden function, which in this scenario is to download and install additional malicious software without the user's knowledge. This initial deceptive delivery and execution mechanism is the defining characteristic of a Trojan horse. It relies on social engineering to trick the user into initiating the infection, rather than exploiting network vulnerabilities or spreading autonomously. This differs significantly from the other options. A worm, for instance, would self-propagate across a network without requiring user interaction or a host file, which is not what happened here. Ransomware's primary function is to encrypt data and demand payment, which is a subsequent action that might occur after a Trojan infection, but the initial infection vector described is not ransomware itself. A rootkit focuses on maintaining hidden access and concealing its presence, often installed by other malware like a Trojan, but the initial deceptive file that the user opens is the Trojan, not the rootkit itself. The critical element here is the initial deception and user-initiated execution of what appears to be a benign file.

More questions from this exam

Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.

FAQ

Questions learners often ask

Keep practising

More 220-1102 practice questions

• →A change advisory board (CAB) approved a standard change to update antivirus definitions on all servers. The technician…
• →A company's change management policy requires all server changes to be approved by the Change Advisory Board (CAB). A te…
• →A company is implementing a bring-your-own-device (BYOD) policy and needs to ensure that corporate data on employee mobi…
• →A company requires employees to present both a smart card and a PIN to log into their workstations. Which authentication…
• →A company requires all Windows 10 workstations to be able to join an Active Directory domain. Which edition of Windows 1…
• →A company wants to allow employees to securely access internal resources from home via the internet. Which method provid…