Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CompTIA Security + (SY0-701) > Section 6.53 Rootkits > Flashcards

Section 6.53 Rootkits Flashcards

Objectives 2.4 Given a Scenario, analyse indicators of malicious activity

1
Q

Rootkit

A

Designed to gain administrative level control over a given computer system without being detected

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Administrator account

A

Account with the highest level of permissions is called the Administrator account

■ Allows the person to install programs, delete programs, open ports, shut ports,
and do whatever it is they want to do on that system

■ In a UNIX, Linux, or MacOS computer, this type of administrator account is §actually called the root account

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Rings of permission

A

A computer system has several different rings of permissions throughout the system

■ Ring 3 (Outermost Ring): Where user level permissions are used - standard user

■ Ring 0 (Innermost or Highest Permission Levels): Kernel mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Ring 0 (Innermost or Highest Permission Levels):

Kernel Mode

A

Allows a system to control access to things like device drivers, your sound card, your video display or monitor, and other similar things

If you login as the administrator or root user on a system, you have root permission and you will be operating at Ring 1 of the operating system

■ Remember, the closer the malicious code is to the kernel, the more permissions it will have and the more damage it can cause on your system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Root Kit Installation and Rings

A

When a rootkit is installed on a system, it tries to move from Ring 1 to Ring 0 so that it can hide from other functions of the operating system to avoid detection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Root Kit techniques

DLL Injection

A

Technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Root Kit techniques

Dynamic Link Library (DLL)

A

Collection of code and data that can be used by multiple programs
simultaneously to allow for code reuse and modularisation in software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Root Kit techniques

Shim

A

Piece of software code that is placed between two components and that
intercepts the calls between those components and can be used redirect them

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Detect Rootkits

A

Rootkits are extremely powerful, and they are very difficult to detect because the operating system is essentially blinded to them

To detect them, the best way is to boot from an external device and then scan the internal hard drive to ensure that you can detect those rootkits using a good anti-malware scanning solution from a live boot Linux distribution

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

CompTIA Security + (SY0-701) (205 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions