nerdexam
EC-Council

312-50V9 · Question #572

Which of the following is the primary objective of a rootkit?

The correct answer is C. It replaces legitimate programs. A rootkit's primary objective is to maintain stealth and persistent access by replacing legitimate system binaries with trojaned versions that conceal the attacker's presence. This distinguishes rootkits from other malware types.

Malware Threats

Question

Which of the following is the primary objective of a rootkit?

Options

  • AIt opens a port to provide an unauthorized service
  • BIt creates a buffer overflow
  • CIt replaces legitimate programs
  • DIt provides an undocumented opening in a program

How the community answered

(35 responses)
  • A
    3% (1)
  • C
    94% (33)
  • D
    3% (1)

Why each option

A rootkit's primary objective is to maintain stealth and persistent access by replacing legitimate system binaries with trojaned versions that conceal the attacker's presence. This distinguishes rootkits from other malware types.

AIt opens a port to provide an unauthorized service

Opening a port to provide unauthorized services is the behavior of a backdoor or remote access trojan (RAT), not the defining characteristic of a rootkit.

BIt creates a buffer overflow

Creating a buffer overflow is an exploit technique used to gain initial access or escalate privileges - it is a means of attack delivery, not a rootkit's objective.

CIt replaces legitimate programsCorrect

Rootkits achieve their core goal - hiding attacker activity - by replacing legitimate OS programs (such as ls, ps, netstat, and login) with modified versions that suppress any output revealing malicious processes, files, or connections. This systematic replacement of trusted system executables is what defines a rootkit and separates it from backdoors or exploit code.

DIt provides an undocumented opening in a program

Providing an undocumented opening in a program describes a backdoor, which may be installed by a rootkit as a secondary payload but is not the rootkit's primary objective.

Concept tested: Rootkit primary objective - replacing legitimate system binaries

Source: https://www.cisa.gov/news-events/news/understanding-hidden-threats-rootkits-and-botnets

Topics

#rootkit#malware objectives#process hiding#file replacement

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice