Which of the following should the security analyst do to determine if the compromised system still has an active connection?

Posted by: Pdfprep Category: SY0-501 Tags: SY0-501 exam questions, SY0-501 practice exam, CompTIA Security+ Post Date: June 8, 2021

A security analyst is diagnosing an incident in which a system was compromised from an external IP address. The socket identified on the firewall was traced to 207.46.130.0:6666.

Which of the following should the security analyst do to determine if the compromised system still has an active connection?
A . tracert
B . netstat
C . ping
D . nslookup

Answer: B

Which of the following should the security analyst do to determine if the compromised system still has an active connection?

Author

Leave a Reply Cancel reply