CompTIA PenTest+ (PT0-002) — Question 15

Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?

Answer options

• A. To remove hash-cracking registry entries
• B. To remove the tester-created Mimikatz account
• C. To remove tools from the server
• D. To remove a reverse shell from the system

Correct answer: C

Explanation

The correct answer is C, as sdelete is used to securely delete files and tools installed during the testing process. Options A and B are incorrect because they do not pertain to the primary purpose of sdelete, which is file removal, and option D is also incorrect since it refers specifically to reverse shells rather than general tool cleanup.