Exam 350-701 topic 1 question 15 discussion

1. Kernel rootkit 2. Hardware or firmware rootkit 3. Hyper-V rootkits 4. Bootloader rootkit or bootkit 5. Memory rootkit 6. User-mode or application rootkit

C&D. https://heimdalsecurity.com/blog/rootkit/

User mode and bootloader - C and D

C. User mode D. Bootloader A rootkit is a type of malicious software that is designed to hide itself and its activities from the system and its users. There are several types of rootkits, but the two most common are user-mode and bootloader rootkits. A user-mode rootkit runs at the same privilege level as a normal application and is able to intercept and modify system calls made by other processes. It can also hide its presence by modifying the output of system commands such as "ps" or "netstat" A bootloader rootkit infects the system's bootloader, which is the first piece of software that runs when a computer starts up. By infecting the bootloader, a rootkit can ensure that it is loaded before the operating system, making it difficult for the system to detect and remove it. Additionally, it can also hide its presence by modifying the output of system commands such as "ps" or "netstat" Option A, registry, is a database in Windows operating systems that stores configuration settings and options for the operating system, applications, and users. Registry is not a type of rootkit.

Please ignore the first comment C & D is the correct answer, Kernel, user, bootloader and Memory are the 4 types of rootkits,

B &C is the correct answer kernel Rootkit, User Mode Rootkits, Buffer Mode Rootkit and Memory Rootkits are the four

https://en.wikipedia.org/wiki/Rootkit#Types User mode (C) Bootkits (D)

User-mode or application rootkit - User-mode rootkits are simpler and easier to detect than kernel or boot record rootkits. This is because they hide within an application itself, and not system-critical files. In other words, they operate at the level of standard programs such as Paint, Word, PC games and so on. This means a good antivirus or anti-rootkit program will probably find the malware and then remove it.

The correct answer is Bootloader and Virtual toll kit.There is no user-mode tool kit. Hypervisor (Virtualized) Level Rootkits: Hypervisor (Virtualized) Level Rootkits are created by exploiting hardware features such as Intel VT or AMD-V (Hardware assisted virtualization technologies). Hypervisor level rootkits hosts the target operating system as a virtual machine and therefore they can intercept all hardware calls made by the target operating system. Boot loader Level (Bootkit) Rootkits: Boot loader Level (Bootkit) Rootkits replaces or modifies the legitimate boot loader with another one thus enabling the Boot loader Level (Bootkit) to be activated even before the operating system is started. Boot loader Level (Bootkit) Rootkits are serious threat to security because they can be used to hack the encryption keys and passwords.