Home > CompTIA PenTest+ Certification > Quizzes > CompTIA PenTest+ Certification Exam: Post-Exploitation
CompTIA PenTest+ Certification Exam: Post-Exploitation
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 0% Most missed: “Group Policy Preferences (GPP) was introduced in Windows 2008 Server and allows …”
CompTIA PenTest+ Certification Exam: Post-Exploitation
Time left 00:00
7 Questions

1. Group Policy Preferences (GPP) was introduced in Windows 2008 Server and allows domain administrators to create domain policies to automate tedious tasks, such as changing the local Administrator account password on the host operating system. Each policy is created with an encrypted password (cPassword) embedded within the policy, and each policy is stored in SYSVOL, which is accessible to any user that is a member of the domain. During a pentest, you successfully mount the SYSVOL volume using user-level privileges on the domain. The domain server is a Windows 2012 server. Which file will contain the cPassword entry?
2. During a pentest, you successfully compromised user-level access to a Linux host within your customer’s network. The user’s default shell is Bash. Which command syntax could you use to suspend command recording for your terminal session?
3. You find that the user account “user1” you just compromised might be permitted to execute privileged commands on the system using sudo. After you suspend command recording in your terminal window, you execute the sudo -l command and are not prompted for a password. To your surprise, the account can execute all commands on the operating system and you still are not prompted for a password. Which setting in the /etc/sudoers file would allow the user to execute commands without a password?
4. During a pentest, you use the wmic command to identify unquoted service paths. You were able to find a path at C:\Program Files (x86)\data\shared files\vulnerable.exe and used accesschk.exe to find that you have write privileges in the “data” directory. To escalate privileges the next time the service is executed, you need to lay down an executable that will execute within the service path. What is the correct name for the executable that you should create?
5. During a pentest, you come across an SSH private key (id_rsa) in a user’s home directory and suspect that this key can be used to remotely log in to other Linux hosts. However, before you try to use the key, you want to compare the key to the contents of the authorize_keys file to ensure it matches one of the public keys stored in the file. Which command would you run to generate a public key from the private key?
6. One important step during post-exploitation is to gain situational awareness to gather important knowledge of the host and internal network. Which of the following techniques from the MITRE ATT&CK framework are identified as “discovery” tactics?
7. A ____________________ is unique and is used to identify each instance of a Windows service. In Windows, Kerberos requires that ____________________ be associated with at least one service logon account (i.e., the account that runs the service).