Certified Ethical Hacker (CEH v11) — Question 201
To invisibly maintain access to a machine, an attacker utilizes a rootkit that sits undetected in the core components of the operating system. What is this type of rootkit an example of?
Answer options
- A. Hypervisor rootkit
- B. Kernel rootkit
- C. Hardware rootkit
- D. Firmware rootkit
Correct answer: B
Explanation
The correct answer is B, Kernel rootkit: it operates at the core level of the operating system (the kernel), which allows it to remain undetected. Hypervisor rootkits, by contrast, operate at the virtualization layer, while hardware and firmware rootkits interact with physical components and firmware, respectively, which makes them less relevant to this scenario.