CompTIA PenTest+ (PT0-001) — Question 61

A penetration tester has gained access to a marketing employee's device. The penetration tester wants to ensure that if the access is discovered, control of the device can be regained. Which of the following actions should the penetration tester use to maintain persistence to the device? (Select TWO.)

Answer options

• A. Place an entry in HKLM\Software\Microsoft\CurrentVersion\Run to call au57d.ps1.
• B. Place an entry in C:\windows\system32\drivers\etc\hosts for 12.17.20.10 badcomptia.com.
• C. Place a script in C:\users\%username\local\appdata\roaming\temp\au57d.ps1.
• D. Create a fake service in Windows called RTAudio to execute manually.
• E. Place an entry for RTAudio in HKLM\CurrentControlSet\Services\RTAudio.
• F. Create a schedule task to call C:\windows\system32\drivers\etc\hosts.

Correct answer: A, C

Explanation

Options A and C are correct because they both involve placing scripts that will execute automatically, ensuring that the penetration tester can regain access. The other options either do not provide persistent access or involve misleading configurations that do not ensure control of the device.