CompTIA PenTest+ (PT0-001) — Question 31

While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?

Answer options

• A. HKEY_CLASSES_ROOT
• B. HKEY_LOCAL_MACHINE
• C. HKEY_CURRENT_USER
• D. HKEY_CURRENT_CONFIG

Correct answer: C

Explanation

The correct answer is C, HKEY_CURRENT_USER, as it allows users with limited privileges to create and modify settings specific to their account. The other options, such as HKEY_LOCAL_MACHINE, often require higher privileges for modifications, and HKEY_CLASSES_ROOT and HKEY_CURRENT_CONFIG do not provide the same level of user-specific customization needed for persistence.