Exam CAS-004 topic 1 question 278 discussion

Actual exam question from CompTIA's CAS-004
Question #: 278
Topic #: 1

A security engineer has been informed by the firewall team that a specific Windows workstation is part of a command-and-control network. The only information the security engineer is receiving is that the traffic is occurring on a non-standard port (TCP 40322). Which of the following commands should the security engineer use FIRST to find the malicious process?

  • A. tcpdump
  • B. netstat
  • C. tasklist
  • D. traceroute
  • E. ipconfig
Suggested Answer: B
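
Added example (not part of the original question or comments): on Windows, `netstat -ano` lists the owning PID for every connection, and that PID can then be resolved to a process image and command line. The function name `Find-PortOwner` and the sample rows are constructed for illustration.

```powershell
# Map a TCP port seen in `netstat -ano` output to the owning process ID.
function Find-PortOwner {
    param(
        [Parameter(Mandatory)][int]$Port,
        # Live data by default; pass captured text to analyse it offline
        [string[]]$NetstatLines = (netstat -ano)
    )
    foreach ($line in $NetstatLines) {
        # TCP rows have 5 fields: Proto  Local  Foreign  State  PID
        # (UDP rows have no State column and are skipped)
        $f = $line.Trim() -split '\s+'
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP') { continue }
        # Port is whatever follows the last colon, so [::1]:40322 also parses
        $localPort  = [int]($f[1] -replace '^.*:', '')
        $remotePort = [int]($f[2] -replace '^.*:', '')
        if ($localPort -ne $Port -and $remotePort -ne $Port) { continue }
        [pscustomobject]@{
            Local     = $f[1]
            Remote    = $f[2]
            State     = $f[3]
            ProcessId = [int]$f[4]   # TIME_WAIT rows report PID 0
        }
    }
}

# Constructed sample rows in `netstat -ano` format (addresses and PIDs are made up)
$sample = @(
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984'
    '  TCP    192.168.1.50:49731     203.0.113.25:40322     ESTABLISHED     4312'
    '  TCP    192.168.1.50:49802     198.51.100.7:443       ESTABLISHED     6120'
)
Find-PortOwner -Port 40322 -NetstatLines $sample

# On the affected workstation: resolve each matching PID to its image,
# parent process and command line (run from an elevated prompt)
Find-PortOwner -Port 40322 |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object {
        Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ProcessId)" |
            Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine
    }
```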

Comments

Meep123
7 months, 1 week ago
Selected Answer: B
investigate: "what are my current active ports and processes?"
upvoted 3 times
imather
9 months, 1 week ago
Selected Answer: B
netstat -nalp can find active ports and the associated process ID
upvoted 1 times
BiteSize
9 months, 3 weeks ago
Selected Answer: B
Netstat to see active ports and some info about it. Add the modifier -put
upvoted 3 times