CompTIA PenTest+ (PT0-003) — Question 188
A tester compromises a shared host that is manually audited every week due to the absence of a SIEM.
Which of the following is the best way to reduce the chances of being detected?
Answer options
- A. Modify files located in the /var/log directory.
- B. Use the clear command to remove recent terminal activity.
- C. Perform commands under one of the developer accounts.
- D. Disable all logging services on the host.
Correct answer: C
Explanation
Commands executed under a developer account blend in with that account's legitimate activity and are less likely to raise suspicion, which makes this the best option. Modifying log files, clearing terminal history, or disabling logging services could draw attention and are not sustainable solutions, because they are easily detected during audits.