A rootkit is a type of malicious software specifically designed to maintain persistent, unauthorized control over a compromised system while evading detection. Rootkits operate by embedding themselves deep within the operating system, often at the kernel level, allowing attackers to hide processes, files, network connections, and registry entries.
Once installed, a rootkit enables long-term access even after system reboots, making it a powerful persistence mechanism. Attackers use rootkits to maintain control, execute commands, capture credentials, and install additional malware without alerting security tools or administrators.
Option B, ARP spoofing, is a network-level attack used for traffic interception, not persistence. Option C, DDoS, is an availability attack and does not provide control over a device. Option D, encryption, is a defensive technology and does not grant persistence.
Cybersecurity operations and incident response documentation consistently identify rootkits as high-severity threats because of their stealth, durability, and ability to undermine trust in the operating system. Detecting and remediating rootkits often requires specialized tools, integrity checks, and sometimes full system reimaging.
Therefore, the technology used to maintain persistent control of an exploited device is a rootkit, making Option A the correct answer.