CompTIA

PT0-001 Question #9: Real Exam Question with Answer & Explanation

The correct answer is A: To remove the persistence. The chkconfig --del command removes a service from the system startup sequence, which is how a penetration tester cleans up persistence mechanisms installed during an engagement.

Post-exploitation and lateral movement

Question

Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement?

Options

  • A. To remove the persistence
  • B. To enable persistence
  • C. To report persistence
  • D. To check for persistence

Explanation

The chkconfig --del command removes a service from the system startup sequence, which is how a penetration tester cleans up persistence mechanisms installed during an engagement.

Common mistakes.

  • B. chkconfig --add or chkconfig servicename on would enable persistence, not --del, which does the opposite.
  • C. Reporting persistence is a documentation activity done in a written report, not accomplished by running a shell command.
  • D. Checking for existing persistence would use chkconfig --list, not --del, which is a destructive operation that removes the entry.

Concept tested. Penetration test cleanup: removing service persistence

Reference. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s2-services-chkconfig

Topics

#Linux persistence  #chkconfig  #service management  #cleanup
