Which of the following should the security analyst do to determine if the compromised system still has an active connection?

SY0-501 0 Comments

A security analyst is diagnosing an incident in which a system was compromised from an external IP address. The socket identified on the firewall was traced to 207.46.130.0:6666.

Which of the following should the security analyst do to determine if the compromised system still has an active connection?
A . tracert
B . netstat
C . ping
D . nslookup

Answer: B

Latest SY0-501 Dumps Valid Version with 1130 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SY0-501 PDF     SY0-501 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments