ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-501 All Questions

View all questions & answers for the SY0-501 exam
Go to Exam

Exam SY0-501 topic 1 question 5 discussion

Actual exam question from CompTIA's SY0-501
Question #: 5
Topic #: 1
[All SY0-501 Questions]

A security analyst is diagnosing an incident in which a system was compromised from an external IP address. The socket identified on the firewall was traced to
207.46.130.0:6666. Which of the following should the security analyst do to determine if the compromised system still has an active connection?

  • A. tracert
  • B. netstat
  • C. ping
  • D. nslookup
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Aksu1994 at May 3, 2019, 6:04 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Rockadocious
Highly Voted 6 years ago
Open cmd in your system Type netstat -a This will show you the connections and whether the it is listening, established or Close_wait The question was how to determine if it's still open
upvoted 20 times
...
bobthebuilder55110
Highly Voted 4 years, 5 months ago
Can anyone please tell me how can directly jump on topic 2 questions?? And also some tips would be nice interms of exam I am planning to give exam in the first week of February and I have watched professor messer and read through some of Darril gibson book. and then directly jumping here for the questions, do you think it will be enough ??
upvoted 7 times
...
exiledwl
Most Recent 4 years, 6 months ago
Some free advice. Topic 1 has old questions and you should skip it because you won't see these on the exam. Topic 2 has latest questions as of Dec 2020. I'd even recommend paying (like I did) to get access to the full list of topic 2. 90% of my questions were from topic 2
upvoted 7 times
illuded03jolted
4 years, 5 months ago
appreciate it man!
upvoted 1 times
...
jnew
4 years, 5 months ago
How sure are you that Topic 1 questions won't be seen on the exam after December 2020?
upvoted 3 times
...
theguru89
4 years ago
where is topic 2??
upvoted 2 times
...
Fernando001
4 years, 1 month ago
Where is topic 2 ?
upvoted 2 times
...
...
dinosan
5 years, 4 months ago
The netstat command (short for network statistics) allows you to view statistics for TCP/IP protocols on a system. It also gives you the ability to view active TCP/IP network connections. Many attacks establish connections from an infected computer to a remote computer. If you suspect this, you can often identify these connections with netstat. Source: Get Certified Get Ahead - Netstat (p.86)
upvoted 3 times
...
MSZ
6 years, 1 month ago
The port is also mentioned that's why
upvoted 2 times
...
Aksu1994
6 years, 2 months ago
How would the command look like? Because personally, i thought ping would be better because you could ping that ip adress and see whether you are getting a response from it or not. You can't use netstat to check if an external ip adress is active or not, right?
upvoted 1 times
nickyjohn
5 years, 7 months ago
Ping is good to use when you are seing if a host is up and running, but as soon as you enter the colon(:) the command will fail to return any information!
upvoted 5 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel