CompTIA PenTest+ (PT0-002) — Question 315

After successfully compromising a remote host, a security consultant notices an endpoint protection software is running on the host. Which of the following commands would be best for the consultant to use to terminate the protection software and its child processes?

Answer options

• A. taskkill /PID/T /F
• B. taskkill /PID/IM /F
• C. taskkill /PID/S /U
• D. taskkill /PID/F /P

Correct answer: A

Explanation

The correct command, 'taskkill /PID/T /F', is designed to forcefully terminate a process and all of its child processes. The other options either lack the required parameters or do not accurately specify the termination of child processes, making them ineffective for this task.