CompTIA PenTest+ (PT0-003) — Question 86

During an assessment, a penetration tester gains access to one of the internal hosts. Given the following command: schtasks /create /tn "Windows Update" /sc onlogon /tr “cmd.exe /c update.exe”
Which of the following is the penetration tester trying to do with this code?

Answer options

• A. Enumerate the scheduled tasks.
• B. Establish persistence.
• C. Deactivate the Windows Update functionality.
• D. Create a binary application for Windows System Updates.

Correct answer: B

Explanation

The command is creating a scheduled task that will execute a command every time a user logs on, which is a common technique to establish persistence on the system. The other options do not accurately reflect the action being taken: option A refers to listing tasks, option C implies disabling a feature rather than enabling a task, and option D suggests creating an application, which is not the intent of the command.