During the cleanup and restoration phase of a penetration test, which action BEST reduces the likelihood that another attacker could recover and reuse artifacts the testers placed on target hosts?
Change the file permissions of payloads to read-only and rename them with a .bak extension.
Compress all artifacts into a password-protected archive and leave the file on the host for future reference.
Move the artifacts to a hidden directory and set the hidden attribute so normal users will not see them.
Sanitize or securely erase the tester-created files using NIST SP 800-88 clearing or purging methods before deleting them.
Following recognized media-sanitization guidance, such as overwriting, cryptographic erase, or other NIST SP 800-88 clearing/purging techniques, renders tester-created files unrecoverable. Simply compressing, renaming, hiding, or changing permissions only obscures the artifacts; the data can still be restored with basic forensic tools, leaving the environment exposed.