SY0-501 · Question #435
SY0-501 Question #435: Real Exam Question with Answer & Explanation
Sign in or unlock SY0-501 to reveal the answer and full explanation for question #435. The question stem and answer options stay visible for context.
Question
A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for analysis. The analyst notices that an internal host had a socket established with another internal host over a non-standard port. Upon investigation, the origin host that initiated the socket shows this output: usera@host>history mkdir /local/usr/bin/somedirectory nc -1 192.168.5.1 -p 9856 ping -c 30 8.8.8.8 -a 600 rm /etc/dir2/somefile rm -rm /etc/dir2/ traceroute 8.8.8.8 pakill pid 9487 usera@host> Given the above output, which of the following commands would have established the questionable socket?
Options
- Atraceroute 8.8.8.8
- Bping -1 30 8.8.8.8 -a 600
- Cnc -1 192.168.5.1 -p 9856
- Dpskill pid 9487
Unlock SY0-501 to see the answer
You've previewed enough free SY0-501 questions. Unlock SY0-501 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.