CompTIA
PT0-002 · Question #214
PT0-002 Question #214: Real Exam Question with Answer & Explanation
The correct answer is D: Remove any tools or scripts that were installed. After a penetration tester concludes activities on a compromised server, they must clean up any artifacts left behind to prevent unauthorized access or detection.
Post-exploitation and lateral movement
Question
A penetration tester was able to compromise a server and escalate privileges. Which of the following should the tester perform AFTER concluding the activities on the specified target? (Choose two.)
Options
- A. Remove the logs from the server.
- B. Restore the server backup.
- C. Disable the running services.
- D. Remove any tools or scripts that were installed.
- E. Delete any created credentials.
- F. Reboot the target server.
Explanation
After a penetration tester concludes activities on a compromised server, they must clean up any artifacts left behind to prevent unauthorized access or detection.
Common mistakes.
- A. Removing logs is a malicious act that would hide evidence of the penetration test from the client, hindering their ability to identify and remediate vulnerabilities.
- B. Restoring a server backup is a recovery action typically performed by the client's IT operations, not a post-test cleanup activity by the penetration tester.
- C. Disabling running services would disrupt normal server operations, which is not part of a standard post-exploitation cleanup and could cause service outages.
- F. Rebooting the target server would disrupt service availability and is not a necessary or appropriate post-exploitation cleanup step for artifact removal.
Concept tested. Penetration testing post-exploitation cleanup
Topics
#Post-exploitation cleanup #Penetration testing methodology #Footprint removal #Ethical hacking