GAQM
CPEH-001 · Question #309
CPEH-001 Question #309: Real Exam Question with Answer & Explanation
Sign in or unlock CPEH-001 to reveal the answer and full explanation for question #309. The question stem and answer options stay visible for context.
Question
How can a rootkit bypass Windows 7 operating system's kernel mode, code signing policy?
Options
- ADefeating the scanner from detecting any code change at the kernel
- BReplacing patch system calls with its own version that hides the rootkit (attacker's) actions
- CPerforming common services for the application process and replacing real applications with fake
- DAttaching itself to the master boot record in a hard drive and changing the machine's boot
Unlock CPEH-001 to see the answer
You've previewed enough free CPEH-001 questions. Unlock CPEH-001 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.