ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
While investigating unusual outbound traffic, you discover that an Amazon EC2 Linux instance contains a loadable kernel module that is invisible to lsmod and persists across reboots. You suspect a rootkit is present. Which remediation approach best aligns with industry practice for removing this type of malware without depending on system tools that may already be compromised?
Install the latest kernel packages on the running instance and reboot to overwrite the malicious module.
Enable Amazon GuardDuty and wait for a finding, then quarantine the instance.
Reinstall the lsmod utility with the package manager and rerun it until the hidden module becomes visible.
Stop the instance, attach its volume to a clean rescue host, and run a file-integrity scan built from a trusted baseline before restoring or rebuilding the system.
Rootkits can tamper with the operating system at a very low level, hiding their files, processes, and kernel modules from utilities that run inside the infected machine. The safest way to eradicate them is to shut the instance down, boot it in a trusted rescue or forensic environment, and compare its binaries to a known-good baseline, replacing anything that was modified. Relying on in-guest tools (package managers, kernel updates, or security services) is risky because the rootkit can intercept or falsify their output. External monitoring such as GuardDuty may alert you to the infection but will not by itself remove the malicious code.
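As an added illustration (not part of the practice question or its source), this is the offline file-integrity check the correct answer describes: a baseline manifest is hashed from a known-good image, the suspect volume is mounted on the clean rescue host and hashed the same way, and the two are diffed so a module that lsmod on the infected guest hid still shows up as an unexpected file. The watched directories, the mount path and the sample trees (built in temporary directories) are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path
WATCHED = ("lib/modules", "usr/bin", "usr/sbin")  # assumed: dirs a kernel-module rootkit commonly touches

def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root, subdirs=WATCHED) -> dict:
    """Map root-relative paths to hashes, so a baseline from a clean image can be
    compared with a suspect volume mounted anywhere (e.g. /mnt/suspect on the rescue host)."""
    root = Path(root)
    manifest = {}
    for sub in subdirs:
        base = root / sub
        if not base.is_dir():
            continue
        for p in base.rglob("*"):
            if p.is_file() and not p.is_symlink():
                manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest

def compare_to_baseline(baseline: dict, mount_root, subdirs=WATCHED) -> dict:
    """Report changed, removed and never-baselined files. A module hidden from lsmod
    on the live host still appears as 'unexpected' when the volume is read offline."""
    current = build_manifest(mount_root, subdirs)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "unexpected": sorted(k for k in current if k not in baseline),
    }

def run_demo() -> dict:
    """Constructed sample: a clean image tree and a tampered suspect tree in temp dirs."""
    tmp = Path(tempfile.mkdtemp())
    clean, suspect = tmp / "clean", tmp / "suspect"
    for root in (clean, suspect):
        for d in ("lib/modules", "usr/bin"):
            (root / d).mkdir(parents=True)
        (root / "lib/modules/ext4.ko").write_bytes(b"ext4 driver")
        (root / "usr/bin/ls").write_bytes(b"coreutils ls")
    baseline = build_manifest(clean)
    (suspect / "usr/bin/ls").write_bytes(b"trojaned ls")  # constructed tampering
    (suspect / "lib/modules/hidden.ko").write_bytes(b"rootkit module")  # constructed hidden LKM
    return compare_to_baseline(baseline, suspect)
```

In practice the baseline comes from a freshly built image of the same OS release, and the suspect volume is mounted read-only (for example with the `noexec,nosuid` options) before the manifest is built.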
Systems and Application Security