312-50V11 · Question #670
Which of the following is the primary objective of a rootkit?
The correct answer is C. It replaces legitimate programs. A rootkit's primary objective is to replace or hook into legitimate OS programs and system calls so that malicious activity remains hidden from administrators and security tools.
Question
Which of the following is the primary objective of a rootkit?
Options
- AIt opens a port to provide an unauthorized service
- BIt creates a buffer overflow
- CIt replaces legitimate programs
- DIt provides an undocumented opening in a program
How the community answered
(65 responses)- A2% (1)
- B3% (2)
- C92% (60)
- D3% (2)
Why each option
A rootkit's primary objective is to replace or hook into legitimate OS programs and system calls so that malicious activity remains hidden from administrators and security tools.
Opening an unauthorized network port is the defining behavior of a backdoor or certain trojans, not the primary purpose of a rootkit.
Creating a buffer overflow is an exploitation technique used to gain initial code execution, not a rootkit objective.
Rootkits achieve persistent, stealthy access by replacing legitimate operating system binaries or intercepting kernel-level system calls with modified versions that filter out any evidence of the attacker's presence, making the malware extremely difficult to detect or remove.
Providing an undocumented opening in a program describes a backdoor, which grants covert access but does not inherently replace or hide system-level components.
Concept tested: Rootkit primary objective - replacing legitimate OS components
Source: https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/rootkits-malware
Topics
Community Discussion
No community discussion yet for this question.