The audit department at a company requires proof of exploitation when conducting internal
network penetration tests. Which of the following provides the MOST conclusive proof of
compromise without further compromising the integrity of the system?
A.
Provide a list of grabbed service banners.
B.
Modify a file on the system and include the path in the test’s report.
C.
Take a packet capture of the test activity.
D.
Add a new test user account on the system.