PT0-003 · Question #293
PT0-003 Question #293: Real Exam Question with Answer & Explanation
The correct answer is B: Remove utilized persistence mechanisms on client systems.
Question
A company's incident response team determines that a breach occurred because a penetration tester left a web shell. Which of the following should the penetration tester have done after the engagement?
Options
- A. Enable a host-based firewall on the machine
- B. Remove utilized persistence mechanisms on client systems
- C. Revert configuration changes made during the engagement
- D. Turn off command-and-control infrastructure
Explanation
The immediate and mandatory post-engagement action after completing an authorized penetration test is to remove any accounts, implants, backdoors, web shells, scheduled tasks, or other persistence mechanisms that were created or used during the test. Leaving persistence (a web shell in this case) is exactly what caused the breach and is an unacceptable post-test lapse. Persistence mechanisms provide continued unauthorized access and are a direct security risk if not removed. Removing them returns the environment to its pre-test security posture and prevents later compromise by third parties.