CompTIA PenTest+ (PT0-001) — Question 109
During post-exploitation, a tester identifies that only system binaries will pass an egress filter and stores a file with the following command: c:\creditcards.db>c:\winit\system32\calc.exe:creditcards.db
Which of the following file system vulnerabilities does this command take advantage of?
Answer options
- A. Hierarchical file system
- B. Alternate data streams
- C. Backdoor success
- D. Extended file system
Correct answer: B
Explanation
The correct answer is B, Alternate data streams. The command uses a feature of NTFS that allows data to be stored in a named stream associated with a file name: the target calc.exe:creditcards.db places the credit card data in a stream called creditcards.db attached to calc.exe, where it may not be immediately visible. A default directory listing does not show the stream, while dir /r does. The other options do not describe this specific capability of NTFS and are therefore not applicable in this context.