Exam PT0-003 Topic 3 Question 217 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 217
Topic #: 3
Which of the following post-exploitation activities allows a penetration tester to maintain persistent access in a compromised system?

Suggested Answer: A Vote an answer

Maintaining persistent access in a compromised system is a crucial goal for a penetration tester after achieving initial access. Here's an explanation of each option and why creating registry keys is the preferred method:
Creating registry keys (Answer: A):
Modifying or adding specific registry keys can ensure that malicious code or backdoors are executed every time the system starts, thus maintaining persistence.
Advantages: This method is stealthy and can be effective in maintaining access over long periods, especially on Windows systems.
Example: Adding a new entry to the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key to execute a malicious script upon system boot.
References: Persistence techniques involving registry keys are common in penetration tests and are highlighted in various cybersecurity resources as effective methods to maintain access.
Installing a bind shell (Option B):
Explanation: A bind shell listens on a specific port and waits for an incoming connection from the attacker.
Drawbacks: This method is less stealthy and can be easily detected by network monitoring tools. It also requires an open port, which might be closed or filtered by firewalls.
Executing a process injection (Option C):
Explanation: Process injection involves injecting malicious code into a running process to evade detection.
Drawbacks: While effective for evading detection, it doesn't inherently provide persistence. The injected code will typically be lost when the process terminates or the system reboots.
Setting up a reverse SSH connection (Option D):
Explanation: A reverse SSH connection allows the attacker to connect back to their machine from the compromised system.
Drawbacks: This method can be useful for maintaining a session but is less reliable for long-term persistence.
It can be disrupted by network changes or monitoring tools.
Conclusion: Creating registry keys is the most effective method for maintaining persistent access in a compromised system, particularly in Windows environments, due to its stealthiness and reliability.

by Katherine at Oct 03, 2025, 02:05 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10