Which macOS persistence mechanism can be installed to run at boot by loading a plist via launchd/launchctl?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards

From $24.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

Which macOS persistence mechanism can be installed to run at boot by loading a plist via launchd/launchctl?

In macOS, persistence at boot through a plist loaded by launchd/launchctl is accomplished with a Launch Daemon. A Launch Daemon is a system-wide service defined by a plist placed in /Library/LaunchDaemons. This plist specifies what to run (Program or ProgramArguments) and can include RunAtLoad to start automatically when launchd loads it at boot. Since these daemons run as root, they provide persistence across reboots. This setup is distinct from Launch Agents, which run per user after login, not at system boot. Sudo is just a privilege escalation tool, not a startup item. Kernel exploits and web shells are different attack methods and not the mechanism described.

Which macOS persistence mechanism can be installed to run at boot by loading a plist via launchd/launchctl?

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Which macOS persistence mechanism can be installed to run at boot by loading a plist via launchd/launchctl?

Get the latest from Passetra