Question 8 - CertNexus CFR-410 Real Exam Questions [Jan 2026 Update]

Q: 8

A suspicious script was found on a sensitive research system. Subsequent analysis determined that proprietary data would have been deleted from both the local server and backup media immediately following a specific administrator’s removal from an employee list that is refreshed each evening. Which of the following BEST describes this scenario?

Options

Correct Answer:

Explanation

The scenario describes a classic logic bomb: malicious code designed to execute a destructive payload when a specific condition or event occurs. In this case, the trigger is the removal of an administrator's name from an employee list. A time bomb is a specific type of logic bomb where the trigger is a date or time. Although the trigger in the scenario is event-based, "Time bomb" is the most appropriate answer among the choices, as it belongs to the same category of malware (logic bombs) characterized by a dormant payload activated by a predefined trigger.

Why Incorrect

A. Backdoor: A backdoor is a mechanism for bypassing normal authentication to gain unauthorized access to a system, which is not the function described.

B. Rootkit: A rootkit is a set of tools designed to conceal its presence and maintain privileged access on a system, not to execute a one-time destructive action.

D. Login bomb: A login bomb is a type of logic bomb specifically triggered by a user login event, which is not the trigger in this scenario.

References

1. National Institute of Standards and Technology (NIST) Special Publication 800-83 Rev. 1

Guide to Malware Incident Prevention and Handling for Desktops and Laptops. Section 2.3.1.4 states

"Logic bombs are a type of malicious code that is intentionally installed

often by an insider. A logic bomb remains dormant until a specific condition is met... A common type of logic bomb is a time bomb

which is set to activate on a particular date and time." This reference distinguishes a logic bomb (the scenario) from a time bomb (the closest option) and shows they are related concepts.

2. Stallings

& Brown

L. (2018). Computer Security: Principles and Practice (4th ed.). Pearson. In Chapter 6

"Malicious Software

" a backdoor is defined as "a secret entry point into a program that allows someone that is aware of the backdoor to gain access without going through the usual security access procedures." This clearly differentiates it from the destructive payload in the question.

3. National Institute of Standards and Technology (NIST) Special Publication 800-12 Rev. 1

An Introduction to Information Security. In Appendix D

"Glossary

" a logic bomb is defined as "A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met." This confirms the scenario describes a logic bomb.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE