Which statement best describes a rootkit?

Prepare for the PCI DSS Requirements Test with our interactive quizzes. Use multiple choice questions, flashcards, and detailed explanations. Ace your exam with confidence!

Multiple Choice

Which statement best describes a rootkit?

Explanation:
A rootkit is malicious software designed to hide its presence and give an attacker administrative control over a compromised system. It achieves concealment by altering or hooking into core parts of the operating system so that security tools, logs, and other indicators don’t reveal its activities. This combination of stealth and persistent access lets the attacker maintain control, install backdoors, and operate without being detected. This is what sets it apart from other items: a firewall rule is a traffic-control policy, a hardware device that monitors traffic is a security tool, and a benign software update is intended to improve functionality—none of these are designed to conceal an attacker or give covert administrative access.

