Threats, Vulnerabilities, and Mitigations · Medium · Multiple Choice · Objective-mapped

Quick Answer

The answer is spyware, because the system is silently collecting user data through a browser extension installed from an unofficial source. Spyware is specifically designed to gather sensitive information—such as keystrokes and visited URLs—without the user’s knowledge or consent, and the absence of encryption or notification confirms this covert behavior. On the Security+ SY0-701 exam, this scenario tests your ability to distinguish spyware from other malware types like adware (which displays unwanted ads) or a keylogger (which only captures keystrokes, not full browsing data). A common trap is confusing spyware with a Trojan, but remember that a Trojan requires user interaction to install, whereas spyware often piggybacks on seemingly legitimate extensions. For the exam, think of the mnemonic “SILENT” — Spyware Installs, Logs Everything, Notifies No one, and Transfers data secretly.

SY0-701 Threats, Vulnerabilities, and Mitigations Practice Question

This SY0-701 practice question tests your understanding of threats, vulnerabilities, and mitigations. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

Help desk incident notes:

- User installed a free video converter from an unofficial download site.
- Browser home page changed without permission.
- A new extension appeared named "QuickSearch Helper".
- Outbound traffic to tracking.example-cdn.net increased every few minutes.
- The endpoint security console reports that saved browser cookies were accessed by an unknown process.

Based on the exhibit, what type of malware is the most likely issue on the workstation?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "most likely"

    Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

Correct answer & explanation

Spyware, because the system appears to be collecting user data silently.

The exhibit shows a browser extension installed from an unofficial website that is silently collecting browsing data, including keystrokes and visited URLs, which is characteristic of spyware. Spyware operates by gathering user information without consent, often through seemingly legitimate software, and the absence of encryption or user notification confirms this classification.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Spyware, because the system appears to be collecting user data silently.

    Why this is correct

    Spyware is the best fit because the symptoms show covert data collection and tracking behavior. The unwanted browser extension, the repeated outbound traffic to a tracking domain, and the access to saved cookies all point to surveillance and data theft rather than encryption or destructive behavior.

    Clue confirmation

    The clue word "most likely" in the question points toward this answer.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Ransomware, because the browser settings changed after installation.

    Why it's wrong here

    Ransomware would typically encrypt files or display payment demands. A homepage change alone is not enough to indicate ransomware, and the exhibit instead highlights data collection and tracking.

  • Rootkit, because the endpoint security console detected an unknown process.

    Why it's wrong here

    A rootkit is designed to hide malware or give persistent privileged access. The exhibit does not mention kernel-level hiding, disabled security tools, or stealthy privilege escalation, so spyware is a better match.

  • Worm, because the software was installed from an unofficial website.

    Why it's wrong here

    A worm spreads itself across systems, usually without user installation. Here the user manually installed a suspicious utility, which is more consistent with spyware or bundled adware behavior than worm propagation.

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is that candidates confuse the symptom of changed browser settings with ransomware, but ransomware's primary action is file encryption or system lockout, not silent data collection, and the unofficial website installation is a red herring for worm propagation.

Detailed technical explanation

How to think about this question

Spyware often uses techniques like keylogging, screen scraping, and browser hooking via Browser Helper Objects (BHOs) or extensions to exfiltrate data. In Windows, spyware may leverage the Windows Registry to persist across reboots, such as adding entries under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Real-world spyware like Gator or CoolWebSearch has historically been bundled with freeware from unofficial sources, silently monitoring user activity for ad fraud or identity theft.

Key Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

Exam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A developer is choosing between AES-256 (symmetric) and RSA-2048 (asymmetric) for encrypting a large file that will be sent to a partner. Symmetric encryption is fast but requires key exchange; asymmetric is slower but solves the key distribution problem. A hybrid approach — encrypt the file with AES, encrypt the AES key with RSA — is standard. Questions like this test whether you understand when each approach applies.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

FAQ

Questions learners often ask

What does this SY0-701 question test?

This question tests Threats, Vulnerabilities, and Mitigations — Read the scenario before looking for a memorised answer.

What is the correct answer to this question?

The correct answer is: Spyware, because the system appears to be collecting user data silently. — The exhibit shows a browser extension installed from an unofficial website that is silently collecting browsing data, including keystrokes and visited URLs, which is characteristic of spyware. Spyware operates by gathering user information without consent, often through seemingly legitimate software, and the absence of encryption or user notification confirms this classification.

What should I do if I get this SY0-701 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Are there clue words in this question I should notice?

Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.

Last reviewed: Jun 11, 2026
