CompTIA PenTest+ (PT0-003) — Question 108

After a recent penetration test was conducted by the company's penetration testing team, a systems administrator notices the following in the logs:

2/10/2023 05:50AM C:\users\mgranite\schtasks /query
2/10/2023 05:53AM C:\users\mgranite\schtasks /CREATE /SC DAILY

Which of the following best explains the team's objective?

Answer options

• A. To enumerate current users
• B. To determine the users' permissions
• C. To view scheduled processes
• D. To create persistence in the network

Correct answer: D

Explanation

The correct answer is D because the log entries indicate the creation of a scheduled task, which is a common technique used to ensure that a malicious program can run again after a system reboot. Options A, B, and C do not accurately reflect the intent behind creating a scheduled task, as they focus on user enumeration, permission checks, or simply viewing tasks rather than establishing persistence.