Question

A penetration tester has gained access to a marketing employee's device. The penetration tester wants to ensure that if the access is discovered, control of the device can be regained. Which of the actions should the penetration tester use to maintain persistence to the device? (Select TWO)

a. Install a backdoor
b. Delete system logs
c. Use strong passwords
d. Disable antivirus

Answer 1

The correct answer is option a and b. To maintain persistence on a compromised device, a penetration tester should install a backdoor for remote access and delete system logs to reduce the chances of the intrusion being detected.

Step-by-step explanation:

In the scenario where a penetration tester has gained access to a marketing employee's device and seeks to maintain persistence even if the initial access is discovered, there are certain techniques that can be employed. To ensure persistence, the most relevant actions from the given options would be to:

• Install a backdoor: This involves placing software or a set of commands that allows for remote access to the device. A backdoor can provide continued access to the system without needing to exploit the initial vulnerability again.
• Delete system logs: By clearing or manipulating logs, a penetration tester reduces the likelihood that the initial intrusion will be noticed by system administrators or security tools, potentially allowing the unauthorized access to remain unnoticed for a longer period.

Utilizing strong passwords and disabling antivirus software may provide benefits to securing or exploiting a system initially, but do not directly contribute to maintaining persistence once access is gained.