Palo Alto Networks (PANW) Certified Cybersecurity Entry-level Technician (PCCET) Practice Exam

Which type of advanced malware produces an infinite variety of signature hashes, making detection challenging?

• A. Distributed
• B. Polymorphic
• C. Multi-functional
• D. Obfuscated

The correct answer is: Polymorphic

Polymorphic malware is characterized by its ability to change its underlying code whenever it infects a new host. This continuous alteration of its code creates a wide variety of signature hashes, meaning traditional signature-based detection methods become less effective against it. Since each iteration of polymorphic malware can appear different to detection systems, identifying and neutralizing it becomes significantly more complex compared to static malware types. Polymorphic malware employs various techniques to modify its code while maintaining the same overall functionality, allowing it to evade detection by antivirus software that relies on known signatures. This adaptability enables polymorphic malware to persist in environments where more static forms of malware could be more easily identified and eradicated. In contrast, other types of malware listed do not inherently possess this capability. For instance, distributed malware focuses more on spreading across multiple systems rather than altering its code. Multi-functional malware typically refers to malware that can perform various malicious actions but does not specifically describe the dynamic signature-changing aspect. Obfuscation involves making code difficult to read, but it does not create changing signatures in the same manner that polymorphic malware does. Thus, the defining feature of generating an infinite variety of signature hashes aligns specifically with polymorphic malware.