CompTIA CySA+ (CS0-003) — Question 70

During the log analysis phase, the following suspicious command is detected:

php preg)replace(‘ /.*/e’, ‘system(“ping -c 4 10.0.0.1”);’, ‘’; ?

Which of the following is being attempted?

Answer options

• A. Buffer overflow
• B. RCE
• C. ICMP tunneling
• D. Smurf attack

Correct answer: B

Explanation

The command is attempting to execute a system command, which indicates a Remote Code Execution (RCE) attempt. The other options do not involve executing system commands directly; a buffer overflow typically involves manipulating memory, ICMP tunneling is a technique used for covert communication, and a Smurf attack is a type of denial-of-service attack that uses ICMP packets.