Exam PT0-001 topic 1 question 7 discussion

Actual exam question from CompTIA's PT0-001
Question #: 7
Topic #: 1

A penetration tester has gained access to a marketing employee's device. The penetration tester wants to ensure that if the access is discovered, control of the device can be regained. Which of the following actions should the penetration tester use to maintain persistence to the device? (Select TWO.)

  • A. Place an entry in HKLM\Software\Microsoft\CurrentVersion\Run to call au57d.ps1.
  • B. Place an entry in C:\windows\system32\drivers\etc\hosts for 12.17.20.10 badcomptia.com.
  • C. Place a script in C:\users\%username\local\appdata\roaming\temp\au57d.ps1.
  • D. Create a fake service in Windows called RTAudio to execute manually.
  • E. Place an entry for RTAudio in HKLM\CurrentControlSet\Services\RTAudio.
  • F. Create a schedule task to call C:\windows\system32\drivers\etc\hosts.
Suggested Answer: AC

Comments

mr_robot
Highly Voted 4 years ago
I would go for A and C.
upvoted 9 times
...
kloug
Most Recent 1 year, 2 months ago
a,c correct
upvoted 1 times
...
miabe
1 year, 9 months ago
Selected Answer: AE
looks good to me
upvoted 1 times
...
americaman80
2 years, 11 months ago
I think whoever wrote this question simply missed putting Windows in the path. I'm going with A and C.
upvoted 1 times
...
MOsama1
3 years ago
Dears, all of them are wrong except B, E, F. A- the path is wrong. C- it is wrong. The path is wrong. D- wrong. Sure, I will not do it manually. E- it is wrong. The path is wrong. As per above, it will be B and F
upvoted 1 times
dyers
2 years, 11 months ago
Sorry A & C is still the most likely. If you're expecting the choices to have no mistakes such as partial paths missing, you haven't been here long. B and F make no sense, do you even know what the host file does? How are you getting the user to browse to badcomptia.com to regain access? Scheduled task to call the hosts file, wtf does that even mean, it's not an executable.
upvoted 3 times
...
...
boyladdudeman
3 years, 1 month ago
B, F, no? That's the combo that works, creating the right place and calling the right place.
upvoted 2 times
...
RedbyNight
3 years, 2 months ago
I think that it might be A and E.
A is one of the recognised places in the registry to get the system to run files (there are 20!!)
I can't see the logic of C. What is going to run the code in this location? For a start, housekeeping may clear it. MS also say that it's best practice NOT to exclude it for scans.
E. Seems the perfect way to create persistence. It also follows one of the ideas from Jason Dion: 'installing a fake service or inserting code into an existing service is a powerful technique'
upvoted 1 times
...
qss88
3 years, 4 months ago
The right correct variant is A and E
upvoted 1 times
bigwilly69
3 years, 4 months ago
what is this answer based on? this is a serious website, don't go throwing answers around willy nilly
upvoted 3 times
[Removed]
3 years, 3 months ago
DO Not be throwing answers around willy nilly... we got bigwilly, silly :) Sorry, Study brain is at an all-time stress lol
upvoted 2 times
...
...
someguy1393
3 years, 4 months ago
Can you expand on why E is the correct option?
upvoted 2 times
...
...
khuno
3 years, 9 months ago
Can't be A. It is missing windows in the path.
HKLM\Software\Microsoft\CurrentVersion\Run to call au57d.ps1.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run to call au57d.ps1.
upvoted 2 times
TheThreatGuy
3 years, 3 months ago
Based on the other answers, I assume there is a typo here... A & C makes the most sense with what we've got. Add the script to the temp directory, then use the registry to call it.
upvoted 1 times
...
...
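From the defender's side, the two mechanisms argued over in this thread (a Run key value that calls a script, and a service entry under the Services key) can be audited from collected `reg query` output. The Python below is an added example, not part of the original discussion; the sample registry text, the user name `mkt01`, the binary paths and the path heuristics are constructed assumptions.

```python
import re

# Constructed sample in the layout `reg query` prints. The value names reuse
# au57d.ps1 and RTAudio from the question; user, paths and data are invented.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater    REG_SZ    powershell.exe -File C:\Users\mkt01\AppData\Roaming\Temp\au57d.ps1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RTAudio
    ImagePath    REG_EXPAND_SZ    C:\Users\Public\rtaudio.exe
    Start    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\spoolsv.exe
"""

VALUE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
SCRIPT = re.compile(r"\.(ps1|vbs|js|bat|cmd|hta)\b", re.I)
USER_WRITABLE = re.compile(
    r"\\(users|programdata)\\|\\temp\\|%(appdata|localappdata|temp|public)%", re.I)
# Heuristics (assumptions of this example, tune per environment).
CHECKS = [("script", SCRIPT), ("user-writable path", USER_WRITABLE)]

def parse(text):
    """Yield (key, value_name, data) from `reg query` style output."""
    key = None
    for line in text.splitlines():
        m = VALUE.match(line)
        if m and key:
            yield key, m["name"], m["data"]
        elif line.startswith("HKEY_"):
            key = line.strip()

def findings(text):
    """Flag Run/RunOnce values and service ImagePaths that match a heuristic."""
    out = []
    for key, name, data in parse(text):
        k = key.lower()
        is_run = k.endswith(("\\currentversion\\run", "\\currentversion\\runonce"))
        is_svc = "\\currentcontrolset\\services\\" in k and name.lower() == "imagepath"
        if not (is_run or is_svc):
            continue  # e.g. a service's Start value is not a command
        reasons = [label for label, rx in CHECKS if rx.search(data)]
        if reasons:
            out.append((key.rsplit("\\", 1)[-1], name, reasons))
    return out

if __name__ == "__main__":
    for hit in findings(SAMPLE):
        print(hit)
```

On a live host the input would be the saved output of `reg query` for the same keys; entries flagged here are leads to review, not verdicts.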