312-50V13 · Question #124
Which of the following is the primary objective of a rootkit?
The correct answer is C. It replaces legitimate programs. The primary objective of a rootkit is to replace legitimate system programs or modify operating system components to conceal its presence and activities.
Question
Options
- AIt opens a port to provide an unauthorized service
- BIt creates a buffer overflow
- CIt replaces legitimate programs
- DIt provides an undocumented opening in a program
How the community answered
(34 responses)- A3% (1)
- B6% (2)
- C88% (30)
- D3% (1)
Why each option
The primary objective of a rootkit is to replace legitimate system programs or modify operating system components to conceal its presence and activities.
While a rootkit might open a port, this is a method or consequence of its presence, not its primary objective, which is concealment.
Rootkits typically exploit vulnerabilities, but creating a buffer overflow is a specific exploit technique to gain initial access, not the rootkit's ongoing primary objective.
Rootkits are designed to gain and maintain surreptitious access to a computer while hiding their presence from legitimate users and system administrators. They achieve this by modifying core operating system files, utilities, or kernel modules, replacing legitimate programs with malicious versions to obscure malicious processes, files, or network connections.
Providing an undocumented opening in a program is a description of a backdoor, which can be a component of a rootkit's functionality, but the rootkit's overarching goal is hiding.
Concept tested: Rootkit purpose and functionality
Source: https://learn.microsoft.com/en-us/security/compass/incident-response-playbook-malware#rootkit
Topics
Community Discussion
No community discussion yet for this question.