🔥 3-day streak
CompTIA PenTest+ (PT0-003)160 / 175
Question 160 of 175

During a penetration test, you have SYSTEM-level access on a Windows Server 2019 host that has RDP enabled and internet-facing. The client wants to evaluate persistence techniques that survive user logins but do not require valid credentials. You replace sethc.exe with cmd.exe so that pressing SHIFT five times at the login screen spawns a SYSTEM command prompt. Which category of post-exploitation activity does this technique BEST represent?

Reviewed for accuracy · Report an issueNext question