CompTIA PenTest+ (PT0-002) — Question 170

A penetration tester successfully infiltrated the targeted web server and created credentials with administrative privileges. After conducting data exfiltration, which of the following should be the tester’s NEXT step?

Answer options

• A. Determine what data is available on the web server.
• B. Change or delete the logs.
• C. Log out and migrate to a new session.
• D. Log in as the new user.

Correct answer: C

Explanation

The correct answer is C because logging out and migrating to a new session helps the tester cover their tracks and avoid detection. Option A is incorrect as it focuses on data availability rather than next steps post-exfiltration. Option B, changing or deleting logs, could raise alarms if not done carefully, and option D does not contribute to the tester's operational security and could lead to being detected.