EC-Council

312-50V10 · Question #672

The correct answer is B: RootKit.

Question

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

Options

  • A. Trojan
  • B. RootKit
  • C. DoS tool
  • D. Scanner
  • E. Backdoor

Explanation

A rootkit is specifically designed to hide OS-level artifacts such as processes, files, and registry entries, and often includes keylogging capability.

Common mistakes.

  • A. A Trojan disguises itself as legitimate software to gain execution but does not inherently provide OS-level hiding of processes, files, or registry entries.
  • C. A DoS tool is used to flood or crash systems and services, not to conceal attacker artifacts on a host.
  • D. A scanner is a reconnaissance tool used to discover hosts, ports, or vulnerabilities, not to hide activity on a compromised system.
  • E. A backdoor provides covert re-entry to a system but does not inherently hide processes, files, or registry keys the way a rootkit does.

Concept tested. Rootkit capabilities - process and artifact hiding

Reference. https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/rootkits-malware
