Certified Ethical Hacker (CEH) — Question 72

Which of the following is the primary objective of a rootkit?

Answer options

• A. It opens a port to provide an unauthorized service
• B. It creates a buffer overflow
• C. It replaces legitimate programs
• D. It provides an undocumented opening in a program

Correct answer: C

Explanation

The correct answer is C, as rootkits are designed to replace legitimate programs with malicious versions to hide their presence and maintain control over the system. Option A refers to unauthorized services, which may be a consequence of a rootkit but not its primary function. Option B describes a vulnerability that rootkits may exploit, and D refers to undocumented features that may exist but do not represent the main purpose of a rootkit.