CompTIA PenTest+ (PT0-003) — Question 105

During a security assessment for an internal corporate network, a penetration tester wants to gain unauthorized access to internal resources by executing an attack that uses software to disguise itself as legitimate software. Which of the following host-based attacks should the tester use?

Answer options

• A. On-path
• B. Logic bomb - С. Rootkit
• D. Buffer overflow

Correct answer: C

Explanation

The correct answer is C, Rootkit, as it is designed to hide its presence and can provide unauthorized access to systems by disguising itself as legitimate software. Options A (On-path) and D (Buffer overflow) do not specifically involve hiding software and typically do not grant ongoing unauthorized access. Option B (Logic bomb) is a malicious code that triggers under specific conditions but does not inherently disguise itself as legitimate software.