After a PenTest engagement, which area should be addressed during post-engagement cleanup?

During post-engagement cleanup, the focus is on removing artifacts created for the test so the environment isn’t left with new, unintended access points. The most important step is removing any shells or backdoors that were placed to gain or maintain access during the assessment. If a shell remains, it could be exploited by someone after the engagement ends, defeating the purpose of a clean, safe takeaway and potentially exposing the client to risk. Restoring the system to its pre-test state also often involves removing temporary accounts and tools used for the test. Other tasks like patch deployment and log retention serve different purposes: patching addresses vulnerabilities found, and keeping logs supports evidence and auditing. They’re important, but they aren’t the cleanup action that directly prevents lingering access.