Under the “Post-attack Phase and Activities”, it is the responsibility of the tester to restore the systems to a pretest state.
Which of the following activities should not be included in this phase? (see exhibit)
Exhibit:
A.
III
B.
IV
C.
III and IV
D.
All should be included.
Explanation:
The post-attack phase revolves around returning any modified system(s) to the pretest state. Examples of such
activities:
Removal of any files, tools, exploits, or other test-created objects uploaded to the system during testing
Removal or reversal of any changes to the registry made during system testingReferences: Computer and Information Security Handbook, John R. Vacca (2012), page 531
Is maintaining a backdoor okay?
Or the answer is C?
Not in an ethical sense. Maintaining a backdoor is unethical and should not be done.
Looking into it more, it looks like it’s saying the removal of the backdoor instead of how you’re reading it as continued use of the back door. Correct answer is still A.