Exam PT0-002 topic 1 question 14 discussion

Actual exam question from CompTIA's PT0-002
Question #: 14
Topic #: 1

Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz.* on a Windows server that the tester compromised?

  • A. To remove hash-cracking registry entries
  • B. To remove the tester-created Mimikatz account
  • C. To remove tools from the server
  • D. To remove a reverse shell from the system
Suggested Answer: C

Comments

Manzer
Highly Voted 2 years, 6 months ago
Selected Answer: C
sdelete is used to delete files and folders. This command would delete any folder with mimikatz.*
upvoted 10 times
duckduckgooo
1 year, 4 months ago
I like adding URLs to answers/tools for others or people that had to validate the answer (me). https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete
upvoted 3 times
...
...
petercorn
Highly Voted 2 years, 6 months ago
Selected Answer: C
Agree with Manzer
upvoted 7 times
...
Practice_all
Most Recent 3 months ago
Selected Answer: C
C. To remove tools from the server. The command sdelete mimikatz.* uses SDelete (a secure delete tool from Sysinternals) to securely delete files related to Mimikatz, a post-exploitation tool commonly used to extract credentials from memory, dump password hashes, and more. The purpose of running this command is to ensure that traces of the tool are completely removed from the compromised server to cover the tester's tracks.
upvoted 1 times
...
bromings
7 months, 1 week ago
Selected Answer: C
SDelete is a command line utility that takes a number of options. In any given use, it allows you to delete one or more files and/or directories, or to cleanse the free space on a logical disk. SDelete accepts wild card characters as part of the directory or file specifier.
upvoted 4 times
...
Etc_Shadow28000
7 months, 1 week ago
Selected Answer: C
The reason a penetration tester would run the command `sdelete mimikatz.*` on a Windows server that the tester compromised is: C. To remove tools from the server. `sdelete` is a command-line utility that securely deletes files, making them unrecoverable. Running `sdelete mimikatz.*` would securely delete the Mimikatz tool and any related files from the server, helping to cover the tester's tracks by removing evidence of the tool's presence and use.
upvoted 1 times
...
solutionz
7 months, 1 week ago
Selected Answer: C
The command `sdelete` is a command-line utility that can be used to securely delete files and cleanse free space on a disk in Windows. `Mimikatz` is a well-known tool used by attackers (and penetration testers) to extract plaintext passwords, hash, PIN code, and Kerberos tickets from memory. In the context of the given command `sdelete mimikatz.*`, the intention is to securely delete all files related to Mimikatz from the compromised server. So the correct answer to this question would be: C. To remove tools from the server.
upvoted 3 times
...
monkeyyyyy
1 year, 4 months ago
Selected Answer: C
vote for C
upvoted 1 times
...
cy_analyst
2 years, 1 month ago
Selected Answer: C
The sdelete command is used to securely delete files or free space on a hard drive by overwriting them with random data. Mimikatz is a tool that can be used to extract sensitive information such as passwords from a compromised Windows system.
upvoted 3 times
...
user009
2 years, 1 month ago
The reason why a penetration tester would run the command sdelete mimikatz.* on a Windows server that the tester compromised is option C: To remove tools from the server. Explanation: Sdelete is a Windows command-line utility that securely deletes files and folders from a disk by overwriting the data with zeroes or random characters. Mimikatz is a post-exploitation tool that can be used to extract passwords and other sensitive information from a compromised Windows system. In this scenario, the penetration tester has compromised the Windows server and has used Mimikatz to extract sensitive information. The command sdelete mimikatz.* is used to securely delete the Mimikatz tool and any related files from the system to avoid leaving traces of the attack.
upvoted 2 times
...
KingIT_ENG
2 years, 1 month ago
CCCCCCCC
upvoted 1 times
...
nickwen007
2 years, 1 month ago
SDelete is a command-line utility used to securely delete files, directories and registry entries. It can also be used to remove traces of Mimikatz, a tool used to manipulate Windows authentication mechanisms. To use SDelete to remove Mimikatz, you must enter the command "sdelete -p 1 mimikatz.*" in elevated command prompt. This will overwrite all files that contain the string "mimikatz" with random data, thus removing any trace of Mimikatz from your computer.
upvoted 2 times
...
nickwen007
2 years, 1 month ago
The most likely reason why a penetration tester would run the command sdelete mimikatz.* on a Windows server is C. To remove tools from the server. This command can be used to securely delete any tools or malicious files that the tester may have installed while compromising the system, such as Mimikatz or any other malicious code.
upvoted 3 times
...
Masco
2 years, 5 months ago
Correct Answer is C
upvoted 3 times
...
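A defender's view of the command discussed in this thread, as an added example that is not part of the original page: it triages process-creation command lines for SDelete runs and reports which file specs use wildcards or match a watchlist. The sample events, the watchlist and the function names are constructed for illustration, and option parsing is simplified to `-p <passes>` plus bare switches.

```python
import re
import shlex
from fnmatch import fnmatchcase

# Constructed process-creation command lines (the kind recorded by
# Windows Event ID 4688 or Sysmon Event ID 1); not taken from a real host.
SAMPLE_EVENTS = [
    r'C:\Windows\System32\notepad.exe C:\Users\svc\notes.txt',
    r'sdelete mimikatz.*',
    r'"C:\Tools\sdelete64.exe" -accepteula -p 1 C:\Temp\mimikatz.*',
    r'sdelete.exe -p 3 C:\Temp\report.docx',
]

# Matches on image name only; a renamed binary needs hash or
# original-file-name matching instead.
SDELETE_IMAGE = re.compile(r'(^|[\\/])sdelete(64)?(\.exe)?$', re.IGNORECASE)
WATCHLIST = ["mimikatz*"]  # assumed watchlist of tool file names


def parse_sdelete(cmdline):
    """Return the file specs passed to SDelete, or None for other programs."""
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    if not tokens or not SDELETE_IMAGE.search(tokens[0]):
        return None
    targets, skip_next = [], False
    for tok in tokens[1:]:
        if skip_next:                      # value belonging to -p
            skip_next = False
        elif tok.lower() in ("-p", "/p"):  # -p <passes> takes an argument
            skip_next = True
        elif not tok.startswith(("-", "/")):
            targets.append(tok)
    return targets


def triage(cmdline):
    """Describe each SDelete target: wildcard use and watchlist hits."""
    targets = parse_sdelete(cmdline)
    if targets is None:
        return None
    findings = []
    for spec in targets:
        name = re.split(r'[\\/]', spec)[-1].lower()
        findings.append({
            "spec": spec,
            "wildcard": any(c in name for c in "*?"),
            "watchlisted": any(fnmatchcase(name, p) for p in WATCHLIST),
        })
    return findings
```

Calling `triage()` on each entry of `SAMPLE_EVENTS` returns `None` for the notepad line and one finding per file spec for the three SDelete lines.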