Web shells provide remote access and persistence for attackers. The best mitigation is to remove persistence mechanisms.
Remove the persistence mechanisms (Option A):
Attackers often modify startup scripts, cron jobs, or registry keys to maintain access.
If persistence is not removed, attackers can reinstall the web shell or regain access to it even after it has been deleted.
Reference: CompTIA PenTest+ PT0-003 Official Study Guide - "Removing Persistent Web Shells"
Incorrect options:
Option B (Spin down the infrastructure): Shutting down servers does not remove the persistence.
Option C (Preserve artifacts): Important for forensics but does not prevent exploitation.
Option D (Perform secure data destruction): Secure wipe is useful but not always feasible for a production system.