CompTIA Security+ Exam Prep

Answer: B - When someone has gained access and uploaded a bundle of tools that allows an attacker to enter the system at any time, they have uploaded a rootkit. The first thing that is usually installed is a backdoor program, which allows the attacker to enter the system at any time without having to go through any authentication steps. The other tools in the rootkit may vary, but they usually comprise utilities that are used to cover the attacker’s tracks. Additionally, often a Trojan program is put in place to do some deeds in the forefront, but have more devious activities going on in the background. Sniffers are also used so the data can be captured and reviewed by the attacker. However for a sniffer to work, the system’s NIC must be put into promiscuous mode.