• Post author:
  • Post category:Blog
  • Reading time:1 mins read
  • Post last modified:June 12, 2024

After compromising a system during a penetration testing engagement, all penetration work should be cleaned up, including extra files, system changes, and modified logs. The media sanitation methodology should be discussed with the client and the owner of the affected systems. What document guides media sanitation?

  • NIST SP 800-88
  • OWASP ZAP
  • OSSTMM
  • PCI DSS

Explanation & Hint:

After a penetration testing engagement is complete, all the systems should be cleaned up. Logs should be suppressed, user accounts deleted, and any files that were created as well. A secure deletion method may be preferred. NIST Special Publication 800-88, Revision 1: “Guidelines for Media Sanitization,” guides media sanitation. This methodology should be discussed with the client and the owner of the affected systems.

For more Questions and Answers:

8.3.3 Quiz – Performing Post-Exploitation Techniques Answers Full 100%

Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments