performance
hard
Apply
proc-forensics
2 points
Question 28. CSCD240-E1-B
Suspect PID 31337 is a reverse shell. Print its full command line and working directory.
Work the drill
Answer on paper or in a terminal before revealing the ideal answer.
Ideal answer
cat /proc/31337/cmdline; readlink /proc/31337/cwd
Acceptable alternatives:
tr '\0' ' ' < /proc/31337/cmdline; readlink /proc/31337/cwd
ls -la /proc/31337/
Misconception bank
Each row below is a plausible wrong answer, the thinking that produces it, and the remedy that corrects the misconception. These are the foundation of the multiple-choice framing and the targeted feedback a student receives after answering.
ps -p 31337
Misconception. ps shows a summary of the command line but not the cwd.
Remedy. Read /proc/PID/cwd (a symlink) together with /proc/PID/cmdline.
Authority mappings
DCWF roles:
CE-463 Host Analyst
DCWF tasks:
T0447
KU topics:
CD-OSC-T3