CompTIA PenTest+ (PT0-002) — Question 319

A penetration tester is doing an assessment for a company that requires an external command-and-control server. The command-and-control tool should be able to use multiple types of payloads (PowerShell, SMB, and binaries) and centralize the management of compromised systems. Which of the following tools should the tester use?

Answer options

• A. BeEF
• B. Covenant
• C. Censys
• D. Reaver

Correct answer: B

Explanation

Covenant is designed specifically for command-and-control operations and supports multiple payload types while providing centralized management. BeEF is focused on browser exploitation, Censys is a search engine for internet-connected devices, and Reaver is primarily used for Wi-Fi password cracking, making them unsuitable for the requirements stated.