Correct Answer for the Question – Which of the following of the MOST likely reason the analyst cannot find a process ID for the shell? is given below
A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the following command: dd if=/dev/ram of=/tmp/mem/dmpThe analyst then reviews the associated output:^34^#AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/bin/bash^21^03#45However, the analyst is unable to find any evidence of the running shell.Which of the following of the MOST likely reason the analyst cannot find a process ID for the shell?
The NX bit is enabled
The system uses ASLR
The shell is obfuscated
The code uses dynamic libraries
Correct Answer
The Correct Answer for this Question is
The shell is obfuscated
Explanation
The Question – Which of the following of the MOST likely reason the analyst cannot find a process ID for the shell? has been answered correctly and answers for the question is The shell is obfuscated
More about these Exams
These Exam Questions and the order of these questions keep changing. but the answers are obviously same. so if you don’t find a question after another we suggest you search it in the search box and we are sure you’ll find it. you can bookmark this site for Quick access in future.
We hope you found it helpful don’t forget to leave a comment if you feel a need to correct or ask we’re always here to help.
you can find more here at mnccertified
Feel free to contact via comment or email.
Happy Learning
Cheers, Team MNCcertified