CompTIA PenTest+ (PT0-003) — Question 66
During a security assessment, a penetration tester gains access to an internal server and manipulates some data to hide its presence. Which of the following is the best way for the penetration tester to hide the activities performed?
Answer options
- A. Clear the Windows event logs.
- B. Modify the system time.
- C. Alter the log permissions.
- D. Reduce the log retention settings.
Correct answer: A
Explanation
The correct answer is A because clearing the Windows event logs effectively removes traces of the activities, making detection difficult. Options B, C, and D do not necessarily remove evidence of the actions taken and may still leave logs that could be analyzed to trace the tester's activities.