During a penetration test, a team sets up several remote servers to manage their operations. Before finalizing the job, which strategy shuts down those resources while retaining logs for potential forensic analysis?
Terminate the remote hosts and save any relevant records to a secured offline location
Disable their network services and leave the hosts running for a convenient restart
Transfer logs into a shared folder on the same hosts and then lock existing accounts
Keep the remote hosts powered but remove user-level access
Archiving the logs in a protected location and terminating the remote servers prevents lingering systems from becoming a cost or security liability. Keeping servers powered in any capacity remains a risk. Simply disabling network interfaces or storing logs on an exposed share could leave the environment vulnerable or lose critical audit data once the servers are reactivated or accessed by others.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to terminate remote hosts instead of just disabling network services?
Open an interactive chat with Bash
How should logs be securely stored for forensic analysis post-termination?
Open an interactive chat with Bash
What risks are associated with storing logs on the same servers?