🔥 3-day streak
CompTIA PenTest+ (PT0-003)13 / 175
Question 13 of 175
During the cleanup phase of an authorized internal penetration test, you must restore a compromised Windows Server 2019 host to its pre-test state. Earlier in the engagement, you uploaded a custom credential-dumping tool to C:\Windows\Temp, created a local service named 'SysUpdate' for persistence, and modified a registry Run key. The client's SOW explicitly requires that all testing artifacts be removed and that any actions taken be documented for the final report. Which approach BEST satisfies the cleanup requirements for this engagement?
Reviewed for accuracy · Report an issueNext question