312-50V10 · Question #672
_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.
The correct answer is B. RootKit. A rootkit is specifically designed to hide OS-level artifacts such as processes, files, and registry entries, and often includes keylogging capability.
Question
_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.
Options
- ATrojan
- BRootKit
- CDoS tool
- DScanner
- EBackdoor
How the community answered
(25 responses)- A8% (2)
- B88% (22)
- E4% (1)
Why each option
A rootkit is specifically designed to hide OS-level artifacts such as processes, files, and registry entries, and often includes keylogging capability.
A Trojan disguises itself as legitimate software to gain execution but does not inherently provide OS-level hiding of processes, files, or registry entries.
Rootkits operate by hooking into operating system APIs and kernel structures to intercept and filter results, causing tools like Task Manager or the registry editor to omit malicious entries. This kernel-level or user-mode hooking also enables keystroke interception without detection. No other malware category combines all four listed capabilities - process hiding, file hiding, registry hiding, and keylogging - as its defining feature set.
A DoS tool is used to flood or crash systems and services, not to conceal attacker artifacts on a host.
A scanner is a reconnaissance tool used to discover hosts, ports, or vulnerabilities, not to hide activity on a compromised system.
A backdoor provides covert re-entry to a system but does not inherently hide processes, files, or registry keys the way a rootkit does.
Concept tested: Rootkit capabilities - process and artifact hiding
Source: https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/rootkits-malware
Topics
Community Discussion
No community discussion yet for this question.