CompTIA

220-802 Question #952: Real Exam Question with Answer & Explanation

The correct answer is D: Rootkit.

Question

After gaining administrative access, a malicious intruder might leave which of the following behind on a compromised system to allow for continued monitoring and access?

Options

  • A. Trojan horse
  • B. Logic bomb
  • C. Spyware
  • D. Rootkit

Explanation

A rootkit is specifically designed to maintain persistent, hidden administrative access to a compromised system. It operates at a low level (kernel or firmware) to conceal its presence from the OS, antivirus tools, and administrators, allowing the attacker to return undetected. A Trojan horse is an initial delivery mechanism, not a persistence tool. A logic bomb executes a destructive payload when triggered - it does not provide ongoing access. Spyware collects data but does not specifically provide the attacker with remote administrative control or hide itself as thoroughly as a rootkit.
