CompTIA PenTest+ (PT0-002) — Question 189

A penetration tester gives the following command to a systems administrator to execute on one of the target servers:

rm -f /var/www/html/G679h32gYu.php

Which of the following BEST explains why the penetration tester wants this command executed?

Answer options

• A. To trick the systems administrator into installing a rootkit
• B. To close down a reverse shell
• C. To remove a web shell after the penetration test
• D. To delete credentials the tester created

Correct answer: C

Explanation

The correct answer is C because the command is intended to delete a web shell that may have been uploaded during the penetration test. Options A, B, and D are incorrect as they misinterpret the intent behind the command, which is focused on cleanup rather than malicious actions or credential management.