Exam PT0-003 Topic 1 Question 114 Discussion
Actual exam question for CompTIA's PT0-003 exam
Question #: 114
Topic #: 1
Question #: 114
Topic #: 1
After a recent penetration test was conducted by the company's penetration testing team, a systems administrator notices the following in the logs:
2/10/2023 05:50AM C:\users\mgranite\schtasks /query
2/10/2023 05:53AM C:\users\mgranite\schtasks /CREATE /SC DAILY
Which of the following best explains the team's objective?
2/10/2023 05:50AM C:\users\mgranite\schtasks /query
2/10/2023 05:53AM C:\users\mgranite\schtasks /CREATE /SC DAILY
Which of the following best explains the team's objective?
Suggested Answer: D Vote an answer
The logs indicate that the penetration testing team's objective was to create persistence in the network.
Explanation:
* Log Analysis:
* schtasks /query: This command lists all the scheduled tasks on the system. It is often used to understand what tasks are currently scheduled and running.
* schtasks /CREATE /SC DAILY: This command creates a new scheduled task that runs daily.
Creating such a task can be used to ensure that a script or program runs regularly, maintaining a foothold in the system.
* Persistence:
* Definition: Persistence refers to techniques used to maintain access to a compromised system even after reboots or other interruptions.
* Scheduled Tasks: One common method of achieving persistence on Windows systems is by creating scheduled tasks that execute malicious payloads or scripts at regular intervals.
* Other Options:
* Enumerate Current Users: The logs do not show commands related to user enumeration.
* Determine Users' Permissions: Commands like whoami or net user would be more relevant for checking user permissions.
* View Scheduled Processes: While schtasks /query can view scheduled tasks, the addition of the schtasks /CREATE command indicates the intent to create new scheduled tasks, which aligns with creating persistence.
Pentest References:
* Post-Exploitation: Establishing persistence is a key objective after gaining initial access to ensure continued access.
* Scheduled Tasks: Utilizing Windows Task Scheduler to run scripts or programs automatically at specified times as a method for maintaining access.
By creating scheduled tasks, the penetration testing team aims to establish persistence, ensuring they can retain access to the system over time.
Explanation:
* Log Analysis:
* schtasks /query: This command lists all the scheduled tasks on the system. It is often used to understand what tasks are currently scheduled and running.
* schtasks /CREATE /SC DAILY: This command creates a new scheduled task that runs daily.
Creating such a task can be used to ensure that a script or program runs regularly, maintaining a foothold in the system.
* Persistence:
* Definition: Persistence refers to techniques used to maintain access to a compromised system even after reboots or other interruptions.
* Scheduled Tasks: One common method of achieving persistence on Windows systems is by creating scheduled tasks that execute malicious payloads or scripts at regular intervals.
* Other Options:
* Enumerate Current Users: The logs do not show commands related to user enumeration.
* Determine Users' Permissions: Commands like whoami or net user would be more relevant for checking user permissions.
* View Scheduled Processes: While schtasks /query can view scheduled tasks, the addition of the schtasks /CREATE command indicates the intent to create new scheduled tasks, which aligns with creating persistence.
Pentest References:
* Post-Exploitation: Establishing persistence is a key objective after gaining initial access to ensure continued access.
* Scheduled Tasks: Utilizing Windows Task Scheduler to run scripts or programs automatically at specified times as a method for maintaining access.
By creating scheduled tasks, the penetration testing team aims to establish persistence, ensuring they can retain access to the system over time.
by Arnold at Jun 29, 2025, 11:59 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).