312-49 Question #628: Real Exam Question with Answer & Explanation

The correct answer is B: lsmod. 'lsmod' (list modules) is the standard Linux command for displaying all kernel modules currently loaded into memory. It reads data from /proc/modules and presents it in a human-readable table showing each module's name, memory size, and use count (number of other modules dependin

Submitted by haruto_sh· Apr 18, 2026Malware Forensics

Question

Which command can provide the investigators with details of all the loaded modules on a Linux- based system?

Options

Alist modules -a
Blsmod
Cplist mod -a
Dlsof -m

Explanation

'lsmod' (list modules) is the standard Linux command for displaying all kernel modules currently loaded into memory. It reads data from /proc/modules and presents it in a human-readable table showing each module's name, memory size, and use count (number of other modules depending on it). Forensic investigators use lsmod to detect rootkits or unauthorized kernel modules that attackers may have loaded to hide processes, intercept system calls, or otherwise manipulate system behavior.

Topics

#Linux commands#Kernel modules#System investigation#Forensic tools

Community Discussion

No community discussion yet for this question.

Full 312-49 Practice Browse All 312-49 Questions