312-50V9 · Question #572
Which of the following is the primary objective of a rootkit?
The correct answer is C. It replaces legitimate programs. A rootkit's primary objective is to maintain stealth and persistent access by replacing legitimate system binaries with trojaned versions that conceal the attacker's presence. This distinguishes rootkits from other malware types.
Question
Which of the following is the primary objective of a rootkit?
Options
- AIt opens a port to provide an unauthorized service
- BIt creates a buffer overflow
- CIt replaces legitimate programs
- DIt provides an undocumented opening in a program
How the community answered
(35 responses)- A3% (1)
- C94% (33)
- D3% (1)
Why each option
A rootkit's primary objective is to maintain stealth and persistent access by replacing legitimate system binaries with trojaned versions that conceal the attacker's presence. This distinguishes rootkits from other malware types.
Opening a port to provide unauthorized services is the behavior of a backdoor or remote access trojan (RAT), not the defining characteristic of a rootkit.
Creating a buffer overflow is an exploit technique used to gain initial access or escalate privileges - it is a means of attack delivery, not a rootkit's objective.
Rootkits achieve their core goal - hiding attacker activity - by replacing legitimate OS programs (such as ls, ps, netstat, and login) with modified versions that suppress any output revealing malicious processes, files, or connections. This systematic replacement of trusted system executables is what defines a rootkit and separates it from backdoors or exploit code.
Providing an undocumented opening in a program describes a backdoor, which may be installed by a rootkit as a secondary payload but is not the rootkit's primary objective.
Concept tested: Rootkit primary objective - replacing legitimate system binaries
Source: https://www.cisa.gov/news-events/news/understanding-hidden-threats-rootkits-and-botnets
Topics
Community Discussion
No community discussion yet for this question.