CompTIA Security Plus Mock Test Q708

A computer is found to be infected with malware and a technician re-installs the operating system. The computer remains infected with malware. This is an example of:

A. a rootkit.
B. an MBR infection.
C. an exploit kit.
D. Spyware.

Correct Answer: B
Section: Threats and Vulnerabilities

Explanation:
An MBR infection is malware that is installed into the Master Boot Record (MBR) of a hard disk. Reinstalling the operating system does not remove the malware from the MBR. A ‘Bootkit’ is a rootkit that infects the Master Boot Record.
Bootkits are an advanced form of rootkits that take the basic functionality of a rootkit and extend it with the ability to infect the master boot record (MBR) or volume boot record (VBR) so that the bootkit remains active even after a system reboot.
Bootkits are designed to not only load from the master boot record but also remain active in the system memory from protected mode through the launch of the operating system and during the computer’s active state.

Incorrect Answers:
A: A rootkit installs into the operating system. Reinstalling the operating system would remove the rootkit.
C: An exploit kit is a toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser. An exploit kit is not malware as such; it is an application that would be installed in the operating system and therefore would be removed by reinstalling the operating system.
D: Spyware is software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer’s consent, or that asserts control over a computer without the consumer’s knowledge. Spyware installs into the operating system. Reinstalling the operating system would remove the spyware.

References:
http://www.webopedia.com/TERM/B/bootkit.html