Which of the following actions is the tester MOST likely performing?

A penetration tester gains access to a system and establishes persistence, and then runs the following commands:

cat /dev/null > temp

touch Cr .bash_history temp

mv temp .bash_history

Which of the following actions is the tester MOST likely performing?
A . Redirecting Bash history to /dev/null
B. Making a copy of the user’s Bash history for further enumeration
C. Covering tracks by clearing the Bash history
D. Making decoy files on the system to confuse incident responders

Answer: C

Explanation:

Reference: https://null-byte.wonderhowto.com/how-to/clear-logs-bash-history-hacked-linux-systems-cover-your-tracks-remain-undetected-0244768/

Latest PT0-002 Dumps Valid Version with 110 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments