CompTIA PenTest+ (PT0-002) — Question 18

A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.)

Answer options

• A. Spawned shells
• B. Created user accounts
• C. Server logs
• D. Administrator accounts
• E. Reboot system
• F. ARP cache

Correct answer: A, B

Explanation

The correct answers are A and B because spawned shells and created user accounts are direct artifacts of the penetration test that can indicate unauthorized access. Removing these helps ensure that the tester does not leave behind evidence of their activity, while server logs and other options may not directly indicate the tester's presence.