CompTIA PenTest+ PT0-002 – Question002

A penetration tester gains access to a system and establishes persistence, and then run the following commands:

Which of the following actions is the tester MOST likely performing?

A.
Redirecting Bash history to /dev/null
B. Making a copy of the user's Bash history to further enumeration
C. Covering tracks by clearing the Bash history
D. Making decoy files on the system to confuse incident responders