200-201 Question #154: Real Exam Question with Answer & Explanation

The correct answer is D: set of tools used by an attacker to maintain control of a compromised system while avoiding. A rootkit is a collection of tools used by an attacker to maintain persistent, undetected control over a compromised system, often by modifying operating system components.

Submitted by kevin_r · Mar 6, 2026 · Host-Based Analysis

Question

What describes the usage of a rootkit in endpoint-based attacks?

Options

  • A. remote code execution that causes a denial-of-service on the system
  • B. exploit that can be used to perform remote code execution
  • C. set of vulnerabilities used by an attacker to disable root access on the system
  • D. set of tools used by an attacker to maintain control of a compromised system while avoiding

Explanation

A rootkit is a collection of tools used by an attacker to maintain persistent, undetected control over a compromised system, often by modifying operating system components.

Common mistakes.

  • A. Remote code execution causing denial-of-service is a specific type of attack outcome, but not the primary definition or usage of a rootkit, which is focused on stealth and persistence.
  • B. While an exploit might be used to install a rootkit, a rootkit itself is not an exploit; it's a post-exploitation tool for maintaining control and stealth.
  • C. Rootkits are used to gain and maintain privileged access (often root/administrator) and conceal activity, not to disable root access for the attacker.

Concept tested. Rootkit functionality and purpose

Reference. https://learn.microsoft.com/en-us/windows/security/threat-protection/intelligence/rootkits

Topics

#rootkit #malware #persistence #endpoint security
