Question 153 of 270 from exam CAS-003: CompTIA CASP+

Question

A forensic analyst suspects that a buffer overflow exists in a kernel module.

The analyst executes the following command:

dd if=/dev/ram of=/tmp/mem/dmp

The analyst then reviews the associated output:

“34 °#RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA /bin/bash*21*03#45

However, the analyst is unable to find any evidence of the running shell.

Which of the following is the MOST likely reason the analyst cannot find a process ID for the shell?

Answers

Explanations

A. B. C. D.

C.