Test Bank Chapter 8 Performing Post-Exploitation Techniques

CompTIA® PenTest+ Cert Guide

Chapter 8 Performing Post-Exploitation Techniques

1) Which of these is not a way to help you maintain persistence of a compromised system?

A) Creating new users

B) Manipulating scheduled tasks

C) Creating a bind or reverse shell

D) Downloading the password hash

2) Which of these is the definition of a reverse shell?

A) The attacker opens up a port or listener on their own system and waits for a connection

B) The attacker opens up a port or listener on the victim’s system and waits for a connection

C) The victim’s system initiates a connection back to the attacking system

D) The attacking system initiates a connection to the victim’s system

3) Which of these tools might you use to create a bind shell?

A) Meterpreter

B) Jailbreak

C) VMWare

D) TCP

4) Which of these Netcat commands would listen on a given TCP port:

A) nc -lvp <port>

B) nc -nv <IP Address> <port>

C) nc -z <IP Address> <port range>

D) nc -lvp 1234 > output.txt

5) What is a C2 system?

A) A compromised system that receives commands from an attacker

B) A system that sends commands and instructions to compromised systems?

C) An intermediary system between an attacker and a victim system

D) An unwitting victim system used to attack other systems, as in a DDoS attack

6) After you compromise a system, you will need to __________ in order to create additional accounts?

A) Know the admin password

B) Obtain administrator (root) access to the system

C) Reboot

D) Access the location of the password has file

7) The goal of pivoting is to:

A) Obtain the password hash

B) Perform post-exploitation scans

C) Move from one device to another

D) Introduce a keylogger

8) An important way to mitigate lateral movement is:

A) Network segmentation

B) Implementing strong file encryption

C) Keeping user account names private

D) Encrypt virtual machine data

9) Which of these is not a remote access protocol that could be used to communicate with a compromised system?

A) VNC

B) RDP

C) X server forwarding

D) SMTP

10) What is the PowerShell command for listing directories?

A) Get-Directories

B) Select-String -path

C) Get-ChildItem

D) Ls-dir

11) What is PowerSploit?

A) A collection of PowerShell modules

B) An alternative command shell to PowerSploit

C) A GUI for Linux

D) A Linux distribution

12) What can you do with Sysinternals?

A) Pull event logs

B) Change passwords

C) Make changes to Windows services

D) All of the above

13) Which of these is not something you should do to clean up a system after penetration testing?

A) Delete any user accounts you created during the test

B) Return configuration settings to their original values and parameters

C) Remove all backdoors and rootkits installed

D) Reformat all hard drives

14) How can WMI be used for post-exploitation tasks?

A) You can use it to sign into other clients on the same network

B) You can write WMI scripts to automate future exploitation tasks on the target system

C) You can run PowerShell commands from the WMI command prompt

D) You can use remote access protocols built into WMI to access other systems

15) What does the following command do on a Windows system?
nc -lvp 1234 -e cmd.exe

A) Executes the cmd.exe command prompt utility

B) Opens a command prompt and runs the command lvp with the 1234 option

C) Opens a command prompt and runs the command 1234 with the -e option

D) Nothing, because cmd.exe is a Linux command

16) What does the nc -lvp 666 command do?

A) Creates a reverse shell

B) Creates a bind shell

C) Opens an application

D) Logs out the current user

17) Which of these is not a common Meterpreter command?

A) lpwd

B) clearev

C) execute

D) bind

18) Which of these utilities can be used to create a C2?

A) socat

B) Twittir

C) PowerServe

D) C2-MAKR

19) What Windows utility can you use to schedule tasks?

A) Disk Management

B) Services.msc

C) Windows Task Scheduler

D) User Account Control

20) To retain a post-exploitation presence on a system, it is important to:

A) Not allow the system to reboot

B) Avoid detection

C) Create additional user accounts

D) Delete all Administrator accounts that could potentially remove your presence