A penetration tester successfully infiltrated the targeted web server and created credentials with administrative privileges. After conducting data exfiltration, which of the following should be the tester’s NEXT step?
A.
Determine what data is available on the web server.
According to the CompTIA PenTest+ Study Guide, "Post‐exploitation activities also include cleanup, concealment, and retaining access for longer‐term penetration testing activities. You should make sure you know how to hide the evidence of your actions by cleaning up log files, removing the files created by your tools, and ensuring that other artifacts are not easily discoverable by defenders."
Ok this is hard question. Normally you cleanup, clear logs. However if this is a real pentest for a client you should never remove logs unless told so...
You should never modify or delete logs of a client as they need these to be able to remediate and identify methodologies. You should migrate to a new session to avoid detection and continue with the penetration testing
This step helps in covering the tracks of the tester and makes it more difficult for defenders to understand exactly what was done during the penetration test. This is a typical step in the post-exploitation phase of a penetration test, especially when the goal is to simulate the behavior of an actual attacker and assess the organization's ability to detect and respond to the breach.
The other options do not follow the logical progression of a penetration test after the described actions have already been taken.
The next step for the penetration tester after conducting data exfiltration should be to log out and migrate to a new session. This will help to cover their tracks and minimize the chances of being detected. Changing or deleting the logs may also be a good idea to avoid being discovered, but it should not be the next step since the penetration tester may need to access the system later on for additional attacks or data exfiltration. Determining what data is available on the web server and logging in as the new user are also not appropriate next steps since the penetration tester has already accomplished their goals by successfully infiltrating the server and exfiltrating data.
Logging out and migrating to a new session would be the best option for the penetration tester’s next step in this scenario because it would allow them to maintain access to the system while avoiding detection.
This section is not available anymore. Please use the main Exam Page.PT0-002 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Myfeedins479
Highly Voted 1 year agokillwitch
Most Recent 2 months, 1 week agoNikamy
5 months, 1 week agoBig_Dre
1 year agoDRVision
1 year, 5 months agosolutionz
1 year, 8 months ago[Removed]
2 years agocy_analyst
2 years agocy_analyst
2 years agoKingIT_ENG
2 years, 1 month ago[Removed]
2 years, 1 month agokenechi
2 years, 1 month agoFrog_Man
2 years, 1 month ago[Removed]
2 years, 1 month ago