GIAC GCIH Exam - Topic 5 Question 53 Discussion

Actual exam question for GIAC's GCIH exam

Question #: 53
Topic #: 5

[All GCIH Questions]

Which of the following types of rootkits replaces regular application binaries with Trojan fakes and modifies the behavior of existing applications using hooks, patches, or injected code?

AApplication level rootkit

BHypervisor rootkit

CKernel level rootkit

DBoot loader rootkit

Show Suggested Answer

Suggested Answer: A

by Terry at Apr 01, 2026, 09:05 PM

Limited Time Offer

25%

Off

Get Premium GCIH Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Yoko

4 days ago

I’m a bit confused between application level and kernel level rootkits. They both seem to modify behavior, but I feel like application level is more about the binaries.

upvoted 0 times

...

Ben

9 days ago

I remember practicing a question like this, and I think the answer was related to how the rootkit interacts with applications. Could it be A?

upvoted 0 times

...

Tracey

14 days ago

I think this might be the application level rootkit, but I'm not entirely sure. It sounds familiar from the study materials.

upvoted 0 times

...