CertNexus Certified Cyber Secure Coder (CSC) — Question 11
During a security investigation, a suspicious Linux laptop is found in the server room. The laptop is processing information and indicating network activity. The investigator is preparing to launch an investigation to determine what is happening with this laptop. Which of the following is the MOST appropriate set of Linux commands that should be executed to conduct the investigation?
Answer options
- A. iperf, traceroute, whois, ls, chown, cat
- B. iperf, wget, traceroute, dc3dd, ls, whois
- C. lsof, chmod, nano, whois, chown, ls
- D. lsof, ifconfig, who, ps, ls, tcpdump
Correct answer: D
Explanation
The correct answer is D because the commands included (lsof, ifconfig, who, ps, ls, tcpdump) are essential for monitoring network connections, viewing running processes, and gathering system information, which are critical during an investigation. Options A, B, and C include commands that are either less relevant or not as effective for a thorough investigation of suspicious activity on a Linux system.