20.8k views
0 votes
A security analyst is diagnosing an incident in which a system was compromised from an external IP address. The socket identified on the firewall was traced to 207.46.130.0:6666. Which of the following should the security analyst do to determine if the compromised system still has an active connection?

A. tracert
B. netstat
C. ping
D. nslookup

User RCB
by
8.4k points

1 Answer

0 votes

Answer:

Option B. netstat

is the correct answer.

Step-by-step explanation:

  • The word "netstat" is a combination of two words network statistics.
  • It is defined as a program which is controlled through commands that are issued in the command line.
  • It displays the network connections for network interfaces, routing tables Transmission Control Protocol (TCP) and UDP.
  • netstat command informs the user about portstand addresses and delivers the basic statistics on all network activities.
  • It is available for operating systems including:
  1. Unix
  2. Mac
  3. BSD
  4. Linux
  5. Solaris
  6. IBM
  7. Windows

i hope it will help you!

User Giorgi Gvimradze
by
7.7k points