Certified Ethical Hacker (CEH v12) — Question 311

To invisibly maintain access to a machine, an attacker utilizes a rootkit that sits undetected in the core components of the operating system. What is this type of rootkit an example of?

Answer options

• A. Firmware rootkit
• B. Kernel rootkit
• C. Hypervisor rootkit - C. Hardware rootkit

Correct answer: B

Explanation

The correct answer is B, Kernel rootkit, as it operates at the core of the operating system's kernel, allowing it to hide its presence effectively. A Firmware rootkit (A) targets firmware, a Hypervisor rootkit (C) functions at the virtualization level, and a Hardware rootkit (D) embeds itself in hardware components, none of which specifically interact with the OS kernel as directly as a Kernel rootkit does.