CompTIA PenTest+ (PT0-001) — Question 111

After establishing a shell on a target system, Joe, a penetration tester is aware that his actions have not been detected. He now wants to maintain persistent access to the machine. Which of the following methods would be MOST easily detected?

Answer options

• A. Run a zero-day exploit.
• B. Create a new domain user with a known password.
• C. Modify a known boot time service to instantiate a call back.
• D. Obtain cleartext credentials of the compromised user.

Correct answer: C

Explanation

Modifying a known boot time service to execute a callback is likely to be detected because such changes are often monitored by security tools. In contrast, running a zero-day exploit, creating a new domain user, or obtaining cleartext credentials may go unnoticed for a longer period as they do not directly alter the system's established services.