Examine the following characteristics and identify which answer best indicates the likely cause of this behavior:
Core operating system files are hidden
Backdoor access for attackers to return
Permissions changing on key files
A suspicious device driver
Encryption applied to certain files without explanation
Logfiles being wiped

A. Kernel-mode Rootkit
B. User-mode Rootkit
C. Malware
D. Kernel-mode Badware

Explanation:
A rootkit is a set of tools installed on a system that has already been compromised. The attacker usually replaces default system tools with compromised versions that keep the same names. Most rootkits include sniffers, so that data can be captured and reviewed by the attacker, and "log scrubbers," which remove traces of the attacker's activities from the system logs.
Incorrect Answers:
B: A user-mode rootkit has less access and privilege than a kernel-mode rootkit and would not include a device driver.
C: Malware is a very broad term covering any software written to do something nefarious.
D: Kernel-mode Badware is not a valid computer term.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1202-1204


