CompTIA PenTest+ (PT0-002) — Question 12

A penetration tester was able to compromise a server and escalate privileges. Which of the following should the tester perform AFTER concluding the activities on the specified target? (Choose two.)

Answer options

• A. Remove the logs from the server.
• B. Restore the server backup.
• C. Disable the running services.
• D. Remove any tools or scripts that were installed.
• E. Delete any created credentials.
• F. Reboot the target server.

Correct answer: D, E

Explanation

The correct actions are D and E because removing installed tools and deleting any created credentials help to cover the tester's tracks and maintain the integrity of the engagement. Options A and B are inappropriate as they could leave evidence of the testing, while C and F do not directly address the need to remove potential artifacts left behind.