Under the “Post-attack Phase and Activities”, it is the responsibility of the tester to restore the systems to a pretest state.
Which of the following activities should not be included in this phase? (see exhibit)
Exhibit:
A.
III
B.
IV
C.
III and IV
D.
All should be included.
Explanation:
The post-attack phase revolves around returning any modified system(s) to the pretest state. Examples of such
activities:
Removal of any files, tools, exploits, or other test-created objects uploaded to the system during testing
Removal or reversal of any changes to the registry made during system testingReferences: Computer and Information Security Handbook, John R. Vacca (2012), page 531