312-50V12 · Question #134
312-50V12 Question #134: Real Exam Question with Answer & Explanation
The correct answer is C: Kernel-level rootkit.
Question
Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?
Options
- A. User-mode rootkit
- B. Library-level rootkit
- C. Kernel-level rootkit
- D. Hypervisor-level rootkit
Explanation
Kernel-Level Rootkit Explained
A kernel-level rootkit operates at the core of the operating system by directly modifying or injecting code into the OS kernel itself, making it the most powerful and stealthy type - perfectly matching the description of "adding code and/or replacing OS kernel code to hide a backdoor."
- User-mode rootkits (A) operate in the application layer, targeting user-space processes and system calls rather than the kernel directly, making them easier to detect.
- Library-level rootkits (B) intercept and modify system library files (like DLLs) that applications use, sitting between user applications and the kernel rather than within the kernel itself.
- Hypervisor-level rootkits (D) operate below the OS by creating a virtualization layer underneath it, essentially hijacking the entire system at the hardware level, not by patching kernel code.
🧠 Memory Tip: Think "K for Kernel = K for Kore (Core)" - a kernel-level rootkit goes to the core of the OS and rewrites the rules from the inside. If the question mentions modifying or replacing OS kernel code, the answer will always point to the kernel level.