A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for analysis. The analyst notices that an internal host had a socket established with another internal host over a non-standard port.
Upon investigation, the origin host that initiated the socket shows this output:
udera@host>history ‌‌‌‌‌‌‌‌‌mkdir /local/usr/bin/somedirectory ‌‌‌‌‌‌‌‌‌nc -1 192.168.5.1 -p 9856 ‌‌‌‌‌‌‌‌‌ping -c 30 8.8.8.8 -s 600 ‌‌‌‌‌‌‌‌‌rm -rm /etc/dir2/somefile ‌‌‌‌‌‌‌‌‌rm -rm /etc/dir2/ ‌‌‌‌‌‌‌‌‌traceroute 8.8.8.8 ‌‌‌‌‌‌‌‌‌pskill pid 9487 usera@host>
Given the above output, which of the following commands would have established the questionable socket?

Question

A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for analysis. The analyst notices that an internal host had a socket established with another internal host over a non-standard port.
Upon investigation, the origin host that initiated the socket shows this output:

  udera@host>history 
      ‌‌‌‌‌‌‌‌‌mkdir /local/usr/bin/somedirectory 
  ‌‌‌‌‌‌‌‌‌nc -1 192.168.5.1 -p 9856 
  ‌‌‌‌‌‌‌‌‌ping -c 30 8.8.8.8 -s 600 
  ‌‌‌‌‌‌‌‌‌rm -rm /etc/dir2/somefile 
  ‌‌‌‌‌‌‌‌‌rm -rm /etc/dir2/ 
  ‌‌‌‌‌‌‌‌‌traceroute 8.8.8.8 
  ‌‌‌‌‌‌‌‌‌pskill pid 9487 
 usera@host>

Given the above output, which of the following commands would have established the questionable socket?

Examsnet · Accepted Answer

Correct Answer is : nc -1 192.168.5.1 -p 9856

Comp TIA Security + Certification Questions Part 4