EC-Council

312-50V10 Question #670: Real Exam Question with Answer & Explanation

The correct answer is C. It replaces legitimate programs.

Malware Threats

Question

Which of the following is the primary objective of a rootkit?

Options

  • A. It opens a port to provide an unauthorized service
  • B. It creates a buffer overflow
  • C. It replaces legitimate programs
  • D. It provides an undocumented opening in a program

Explanation

Rootkits primarily achieve persistence and stealth by replacing legitimate OS programs with malicious versions that conceal the attacker's presence.

Common mistakes.

  • A. Opening a port for unauthorized services is the behavior of a backdoor or trojan, not the primary objective of a rootkit.
  • B. Creating a buffer overflow is an exploitation technique used to gain initial access, not something a rootkit does after installation.
  • D. Providing an undocumented opening in a program describes a backdoor, which is a separate malware category focused on re-entry rather than stealth through file replacement.

Concept tested. Rootkit definition and primary stealth mechanism

Reference. https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/rootkits-malware

Topics

rootkit, malware behavior, program replacement, stealth techniques
