CompTIA PenTest+ (PT0-003) — Question 77

A penetration tester gains shell access to a Windows host. The tester needs to permanently turn off protections in order to install additional payload. Which of the following commands is most appropriate?

Answer options

• A. sc config <svc_name> start=disabled
• B. sc query state= all
• C. pskill <pid_svc_name>
• D. net config <svc_name>

Correct answer: A

Explanation

The correct command, 'sc config <svc_name> start=disabled', sets the specified service to a disabled state, preventing it from starting and thus allowing the installation of additional payloads. The other options do not achieve this goal: 'sc query state= all' merely retrieves service information, 'pskill <pid_svc_name>' terminates a process but does not disable it permanently, and 'net config <svc_name>' is not a valid command for disabling services.