nerdexam
EC-Council

312-50V11 · Question #670

Which of the following is the primary objective of a rootkit?

The correct answer is C. It replaces legitimate programs. A rootkit's primary objective is to replace or hook into legitimate OS programs and system calls so that malicious activity remains hidden from administrators and security tools.

Malware Threats

Question

Which of the following is the primary objective of a rootkit?

Options

  • AIt opens a port to provide an unauthorized service
  • BIt creates a buffer overflow
  • CIt replaces legitimate programs
  • DIt provides an undocumented opening in a program

How the community answered

(65 responses)
  • A
    2% (1)
  • B
    3% (2)
  • C
    92% (60)
  • D
    3% (2)

Why each option

A rootkit's primary objective is to replace or hook into legitimate OS programs and system calls so that malicious activity remains hidden from administrators and security tools.

AIt opens a port to provide an unauthorized service

Opening an unauthorized network port is the defining behavior of a backdoor or certain trojans, not the primary purpose of a rootkit.

BIt creates a buffer overflow

Creating a buffer overflow is an exploitation technique used to gain initial code execution, not a rootkit objective.

CIt replaces legitimate programsCorrect

Rootkits achieve persistent, stealthy access by replacing legitimate operating system binaries or intercepting kernel-level system calls with modified versions that filter out any evidence of the attacker's presence, making the malware extremely difficult to detect or remove.

DIt provides an undocumented opening in a program

Providing an undocumented opening in a program describes a backdoor, which grants covert access but does not inherently replace or hide system-level components.

Concept tested: Rootkit primary objective - replacing legitimate OS components

Source: https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/rootkits-malware

Topics

#rootkit#malware stealth#program replacement#system compromise

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice