ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50 All Questions

View all questions & answers for the 312-50 exam
Go to Exam

Exam 312-50 topic 4 question 28 discussion

Actual exam question from ECCouncil's 312-50
Question #: 28
Topic #: 4
[All 312-50 Questions]

How can a rootkit bypass Windows 7 operating system’s kernel mode, code signing policy?

  • A. Defeating the scanner from detecting any code change at the kernel
  • B. Replacing patch system calls with its own version that hides the rootkit (attacker's) actions
  • C. Performing common services for the application process and replacing real applications with fake ones
  • D. Attaching itself to the master boot record in a hard drive and changing the machine's boot sequence/options
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by dorinh at Dec. 1, 2021, 10:39 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dorinh
6 months, 1 week ago
By attaching itself to the master boot record in a hard drive and changing the machines boot sequence/options Windows 7 boot record never has the opportunity to determine something is awry. https://www.linkedin.com/pulse/how-can-rootkit-bypass-windows-operating-systems-kernel-jameel-nabbo
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel