Splunk
SPLK-5001 · Question #103
SPLK-5001 Question #103: Real Exam Question with Answer & Explanation
The correct answer is B. Rootkit.
Question
This technique is used by attackers to hide the presence of components like programs, files, and network connections by hooking into the OS and intercepting system API calls. It can reside at the user or kernel level. What technique is this?
Options
- A. Spear phishing
- B. Rootkit
- C. Guardrails
- D. Session hijacking
Explanation
A rootkit embeds itself at the user or kernel level, intercepting and tampering with operating‑system API calls to conceal files, processes, registry keys, and network connections from standard system utilities.