nerdexam
EC-Council

312-50V10 · Question #672

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

The correct answer is B. RootKit. A rootkit is specifically designed to hide OS-level artifacts such as processes, files, and registry entries, and often includes keylogging capability.

Malware Threats

Question

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

Options

  • ATrojan
  • BRootKit
  • CDoS tool
  • DScanner
  • EBackdoor

How the community answered

(25 responses)
  • A
    8% (2)
  • B
    88% (22)
  • E
    4% (1)

Why each option

A rootkit is specifically designed to hide OS-level artifacts such as processes, files, and registry entries, and often includes keylogging capability.

ATrojan

A Trojan disguises itself as legitimate software to gain execution but does not inherently provide OS-level hiding of processes, files, or registry entries.

BRootKitCorrect

Rootkits operate by hooking into operating system APIs and kernel structures to intercept and filter results, causing tools like Task Manager or the registry editor to omit malicious entries. This kernel-level or user-mode hooking also enables keystroke interception without detection. No other malware category combines all four listed capabilities - process hiding, file hiding, registry hiding, and keylogging - as its defining feature set.

CDoS tool

A DoS tool is used to flood or crash systems and services, not to conceal attacker artifacts on a host.

DScanner

A scanner is a reconnaissance tool used to discover hosts, ports, or vulnerabilities, not to hide activity on a compromised system.

EBackdoor

A backdoor provides covert re-entry to a system but does not inherently hide processes, files, or registry keys the way a rootkit does.

Concept tested: Rootkit capabilities - process and artifact hiding

Source: https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/rootkits-malware

Topics

#rootkit#process hiding#registry manipulation#keylogging

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice