CompTIA PenTest+ (PT0-002) — Question 405

A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop.
Which of the following can be used to ensure the tester is able to maintain access to the system?

Answer options

• A. schtasks /create /sc /ONSTART /tr C:\Temp|WindowsUpdate.exe
• B. wmic startup get caption,command
• C. crontab -l; echo ג€@reboot sleep 200 && ncat -lvp 4242 -e /bin/bashג€) | crontab 2>/dev/null
• D. sudo useradd -ou 0 -g 0 user

Correct answer: A

Explanation

The correct answer is A because it creates a scheduled task that will run on system startup, allowing persistent access. Option B only retrieves the startup commands without providing a method to maintain access. Option C is designed for Unix-like systems and won't work in a Windows environment, while option D is for creating a new user with root privileges, which does not ensure persistent access to the existing system.