PT0-001 · Question #87

PT0-001 Question #87: Real Exam Question with Answer & Explanation

The correct answer is D: history -c. The bash built-in command 'history -c' clears the in-memory command history list for the active session, preventing those commands from being persisted to the history file on exit.

Post-exploitation and lateral movement

Question

A penetration tester has successfully exploited an application vulnerability and wants to remove the command history from the Linux session. Which of the following will accomplish this successfully?

Options

  • A. history --remove
  • B. cat history | clear
  • C. rm -f ./history
  • D. history -c

Explanation

The bash built-in command 'history -c' clears the in-memory command history list for the active session, preventing those commands from being persisted to the history file on exit.

Common mistakes.

  • A. 'history --remove' is not a valid flag for the bash history built-in; no such option exists in the bash manual.
  • B. 'cat history | clear' is a nonsensical command - 'clear' redraws the terminal screen and does not accept piped input or interact with shell history in any way.
  • C. 'rm -f ./history' attempts to delete a file named 'history' in the current working directory, which is not the bash history file; the actual history file is located at ~/.bash_history.

Concept tested. Linux bash history clearing for session anti-forensics

Reference. https://www.gnu.org/software/bash/manual/html_node/Bash-History-Builtins.html

Topics

#command history, #anti-forensics, #Linux shell, #evidence removal
