EC-Council
312-50V13 · Question #478
312-50V13 Question #478: Real Exam Question with Answer & Explanation
The correct answer is C: Kernel-level rootkit. A kernel-level rootkit modifies or replaces parts of the operating system's kernel code to hide its presence and maintain control over the system.
Submitted by alyssa_d · Mar 6, 2026 · Malware Threats
Question
Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?
Options
- A. User-mode rootkit
- B. Library-level rootkit
- C. Kernel-level rootkit
- D. Hypervisor-level rootkit
Explanation
A kernel-level rootkit modifies or replaces parts of the operating system's kernel code to hide its presence and maintain control over the system.
Common mistakes.
- A. A user-mode rootkit operates in the user space, infecting applications or libraries, making it easier to detect as it does not modify the core OS kernel.
- B. A library-level rootkit is a type of user-mode rootkit that intercepts system calls by modifying dynamic-link libraries, but it doesn't directly alter the OS kernel.
- D. A hypervisor-level rootkit runs beneath the operating system as a virtual machine monitor, but the description specifically mentions modifying 'operating-system kernel code,' which is characteristic of a kernel-level rootkit.
Concept tested. Kernel-level rootkit characteristics
Reference. https://learn.microsoft.com/en-us/windows/security/threat-protection/intelligence/rootkits
Topics
#rootkits #kernel-level rootkit #malware #system compromise