CompTIA CASP+ (CAS-004) — Question 112

A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.
Which of the following techniques would BEST support this?

Answer options

• A. Configuring systemd services to run automatically at startup
• B. Creating a backdoor
• C. Exploiting an arbitrary code execution exploit
• D. Moving laterally to a more authoritative server/service

Correct answer: B

Explanation

Creating a backdoor (B) is the most effective method for maintaining access after gaining root privileges, as it allows the tester to return without needing to exploit the system again. Configuring systemd services (A) is not applicable to Windows servers, while exploiting code execution (C) is more about gaining initial access rather than persistence. Moving laterally (D) does not ensure ongoing access to the original server.