220-802 Question #551: Real Exam Question with Answer & Explanation
The correct answer is B: Hides the existence of certain processes and programs to provide elevated privileges.
Question
Options
- A. Appears to be useful software until it is installed and fully activated
- B. Hides the existence of certain processes and programs to provide elevated privileges
- C. Replicates by being copied or causing itself to be copied to another program
- D. Travels from computer to computer using the native transport protocols available
Explanation
A rootkit is defined by its ability to conceal malicious processes, files, or registry entries from the operating system and users while granting an attacker persistent elevated (root-level) privileges.
Common mistakes.
- A. Appearing as useful software until activated describes a Trojan horse, which disguises malicious functionality inside a seemingly legitimate application.
- C. Replicating by copying itself to another program is the defining characteristic of a computer virus, not a rootkit.
- D. Self-propagating across computers using network transport protocols describes a worm, which spreads autonomously without requiring a host program.
Concept tested. Rootkit definition and stealth privilege escalation
Reference. https://www.cisa.gov/news-events/news/understanding-hidden-threats-rootkits-and-botnets