During the final cleanup phase of a network penetration test, an analyst discovers several privilege-escalation binaries and custom backdoors that were previously deployed for command-and-control. Which action will most effectively return the servers to a stable, production-ready state before the engagement is closed?
Permanently delete all remaining infiltration tools and their associated persistence mechanisms from every server
Rename the infiltration binaries with non-standard extensions so host-based security tools will ignore them
Leave one copy of the infiltration toolkit on a domain controller to simplify reentry during future tests
Quarantine the infiltration tools by moving them to an encrypted archive on each server for later review
Completely deleting the binaries, scripts, and any scheduled tasks or registry keys that launch them removes the unintended risk permanently and restores the system to its original state. Simply quarantining or renaming the software leaves artifacts that could be misused or confuse future audits, while retaining any attack toolkit is explicitly contrary to standard cleanup guidelines.