GIAC Certified Incident Handler (GCIH) — Question 183
Which of the following Linux rootkits allow an attacker to hide files, processes, and network connections?
Each correct answer represents a complete solution. (Choose all that apply.)
Answer options
- A. Phalanx2
- B. Beastkit
- C. Adore
- D. Knark
Correct answer: C, D
Explanation
Adore and Knark are both known for their ability to hide files, processes, and network connections from system monitoring tools, which is what makes them effective as rootkits. In contrast, Phalanx2 and Beastkit do not primarily focus on these specific stealth features.