CompTIA Exam PT0-003 Topic 4 Question 12 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 12
Topic #: 4

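Which of the following post-exploitation activities allows a penetration tester to maintain persistent access in a compromised system?

A) Creating registry keys
B) Installing a bind shell
C) Executing a process injection
D) Setting up a reverse SSH connection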

Suggested Answer: A

Maintaining persistent access in a compromised system is a crucial goal for a penetration tester after achieving initial access. Here's an explanation of each option and why creating registry keys is the preferred method:

Creating registry keys (Answer: A):

Advantages: This method is stealthy and can be effective in maintaining access over long periods, especially on Windows systems.

Example: Adding a new entry to the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key to execute a malicious script upon system boot.

Installing a bind shell (Option B):

Drawbacks: This method is less stealthy and can be easily detected by network monitoring tools. It also requires an open port, which might be closed or filtered by firewalls.

Executing a process injection (Option C):

Drawbacks: While effective for evading detection, it doesn't inherently provide persistence. The injected code will typically be lost when the process terminates or the system reboots.

Setting up a reverse SSH connection (Option D):

Drawbacks: This method can be useful for maintaining a session but is less reliable for long-term persistence. It can be disrupted by network changes or monitoring tools.

Conclusion: Creating registry keys is the most effective method for maintaining persistent access in a compromised system, particularly in Windows environments, due to its stealthiness and reliability.
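
A defender-side check for the Run-key persistence described in the explanation above, added here as an example and not part of the original page: it parses `reg query` text output for the Run keys and flags values that point into user-writable directories or start a script host. The sample output, the value names and the two heuristics are constructed assumptions to tune per environment.

```python
import re

# Constructed sample of `reg query` output for the Run keys (not from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater    REG_SZ    powershell.exe -File C:\Users\Public\u.ps1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Sync Helper    REG_SZ    C:\Users\alice\AppData\Local\Temp\sync.exe
"""

# Value lines are indented and use four-space separators: name, type, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Heuristics chosen for this example (assumptions, not a complete rule set).
USER_WRITABLE = re.compile(r"\\(appdata|temp|users\\public|programdata)\\", re.I)
SCRIPT_HOST = re.compile(
    r"\b(powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32|cmd)(\.exe)?\b", re.I)

def parse_reg_query(text):
    """Yield (key, value_name, value_type, data) from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m["name"], m["type"], m["data"]

def audit_run_keys(text):
    """Return findings for Run/RunOnce values that deserve a closer look."""
    findings = []
    for key, name, _vtype, data in parse_reg_query(text):
        if not key.lower().endswith((r"\currentversion\run", r"\currentversion\runonce")):
            continue
        reasons = []
        if USER_WRITABLE.search(data):
            reasons.append("target in user-writable path")
        if SCRIPT_HOST.search(data):
            reasons.append("launches a script host or LOLBin")
        if reasons:
            findings.append({"key": key, "name": name, "data": data, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in audit_run_keys(SAMPLE):
        print(f["key"], "|", f["name"], "|", ", ".join(f["reasons"]))
```
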

Contribute your Thoughts:

Hannah
2 months ago
This is a no-brainer, folks. If you want to maintain access, a reverse SSH connection is the way to do it. It's like having a secret backdoor, but with a fancy name.
upvoted 0 times
...
Juan
2 months ago
You know, I was tempted to choose A, but then I remembered that registry keys can be easily detected. Gotta go with the sneakier option, D.
upvoted 0 times
Ivette
6 days ago
Definitely, D is a stealthier approach compared to A.
upvoted 0 times
...
Veronika
9 days ago
I think D is the best option for maintaining persistent access.
upvoted 0 times
...
Ira
10 days ago
Yeah, D is a good way to maintain access without being easily detected.
upvoted 0 times
...
Carrol
1 month ago
I agree, A can be risky. D seems like a safer choice.
upvoted 0 times
...
...
Staci
2 months ago
Nah, I'm going with C. Process injection is where it's at for persistent access. More stealthy than a bind shell, in my opinion.
upvoted 0 times
...
Viva
2 months ago
I'd go with B. Installing a bind shell is a classic technique for keeping that foothold in the system.
upvoted 0 times
...
Nicolette
2 months ago
Hmm, I think option D is the way to go. Setting up a reverse SSH connection seems like a solid way to maintain persistent access.
upvoted 0 times
Buffy
1 month ago
Installing a bind shell might be another option to consider.
upvoted 0 times
...
Soledad
1 month ago
Creating registry keys could also work for maintaining access.
upvoted 0 times
...
Phuong
1 month ago
I agree, setting up a reverse SSH connection is a good choice.
upvoted 0 times
...
...
Dorothy
2 months ago
Haha, you know what they say: 'The best way to maintain access is to never lose it in the first place!' But if I had to choose, I'd go with D. Reverse SSH is the way to go, my friends.
upvoted 0 times
...
Lucina
2 months ago
Ah, the age-old question of post-exploitation persistence. I'd have to say D - the reverse SSH connection is the way to go. Gotta love that sneaky remote access!
upvoted 0 times
Tula
1 month ago
Installing a bind shell can also be useful for persistence.
upvoted 0 times
...
Lilli
1 month ago
Creating registry keys is another method to consider for post-exploitation activities.
upvoted 0 times
...
Gregoria
1 month ago
I agree, setting up a reverse SSH connection is key for maintaining access.
upvoted 0 times
...
...
Tien
2 months ago
C is interesting, but I'm not sure if process injection is the best long-term solution. I'm leaning towards D as well.
upvoted 0 times
Layla
1 month ago
D) Setting up a reverse SSH connection
upvoted 0 times
...
Francine
1 month ago
C) Executing a process injection
upvoted 0 times
...
Leontine
1 month ago
B) Installing a bind shell
upvoted 0 times
...
Dean
2 months ago
A) Creating registry keys
upvoted 0 times
...
...
Judy
3 months ago
I'm torn between B and D. A bind shell or a reverse SSH connection could both work, but I think the reverse SSH might be a bit more subtle.
upvoted 0 times
Arlyne
2 months ago
True, but I think a reverse SSH connection is harder to detect.
upvoted 0 times
...
Stefania
2 months ago
Creating registry keys could also help maintain access.
upvoted 0 times
...
Stefania
2 months ago
Yeah, it's more stealthy than installing a bind shell.
upvoted 0 times
...
Magnolia
2 months ago
I think setting up a reverse SSH connection is the way to go.
upvoted 0 times
...
...
Josephine
3 months ago
I'm not sure, but I think both B) and D) could be used for maintaining persistent access.
upvoted 0 times
...
Mertie
3 months ago
Hmm, I'd go with D. Setting up a reverse SSH connection seems like the most reliable way to maintain access.
upvoted 0 times
Kenneth
2 months ago
I think installing a bind shell could also work well for maintaining access.
upvoted 0 times
...
Edmond
3 months ago
I agree, setting up a reverse SSH connection is a good choice.
upvoted 0 times
...
...
King
3 months ago
I disagree, I believe the correct answer is D) Setting up a reverse SSH connection.
upvoted 0 times
...
Lavina
3 months ago
I think the answer is B) Installing a bind shell.
upvoted 0 times
...
