Which of the following should the security analyst do to determine if the compromised system still has an active connection?

Posted by: Pdfprep Category: SY0-501 Tags: , ,

A security analyst is diagnosing an incident in which a system was compromised from an external IP address. The socket identified on the firewall was traced to 207.46.130.0:6666.

Which of the following should the security analyst do to determine if the compromised system still has an active connection?
A . tracert
B . netstat
C . ping
D . nslookup

Answer: B

Leave a Reply

Your email address will not be published.