Welcome to ExamTopics

Exam CS0-002 topic 1 question 53 discussion

Actual exam question from CompTIA's CS0-002
Question #: 53
Topic #: 1

A user's computer has been running slowly when the user tries to access web pages. A security analyst runs the command netstat -aon from the command line and receives the following output:

Which of the following lines indicates the computer may be compromised?

  • A. Line 1
  • B. Line 2
  • C. Line 3
  • D. Line 4
  • E. Line 5
  • F. Line 6

Suggested Answer: D

Comments

IxlJustinlxl
Highly Voted 2 months, 3 weeks ago
Definitely line 3 - I like to run exploits over 443 to obfuscate the traffic - this looks like IP 185.23.17.119 (external) is connecting back to our source IP over 443. Common reverse shell technique.
upvoted 5 times
...
btoopalow
Highly Voted 2 months, 4 weeks ago
I still think line 3 is the suspicious one. HTTPS inbound looks odd to a user's computer. The SMB 445 outbound is still to an internal private IP 10.0.0.0/8 that could be just a file server.
upvoted 5 times
I_heart_shuffle_girls
2 months, 3 weeks ago
Fair enough, my networking really isn't the best. After double checking you are certainly right, I will have to go with a different line probably 3 like you pointed out.
upvoted 2 times
who__cares123456789___
2 weeks, 2 days ago
Good call guys! I jumped to 445 also but now I see it is private, likely same domain. If you note, the difference in 3 and 4-5, 4-5 is an outbound 'cause endpoint used a high port and hit 443 webserver... nothing strange about that. BUT this inbound 443 from some foreign addy with a high port speaks of a nefarious connection!!! Likely a shell... Great work people... I see you!!!
upvoted 1 times
...
...
...
Alizadeh
Most Recent 3 weeks, 6 days ago
Line 3
upvoted 2 times
...
somsom
1 month, 2 weeks ago
Line 3 was compromised. I go for C
upvoted 3 times
...
Obi_Wan_Jacoby
2 months, 3 weeks ago
Going with Answer C (Line 3) as well
upvoted 3 times
...
Lines 3 and 5 are interesting to me. What does everyone else think?
upvoted 2 times
I'm going to go with F. Port 445 is the reason for this. It didn't register for a second but that is the SMB port connecting to an external IP address.
upvoted 2 times
properlot
1 week, 4 days ago
It's a private IP
upvoted 1 times
...
...
...
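
The triage reasoning used in the comments above (which side of an established connection holds the service port, and whether the remote address is private) can be run over `netstat -aon` output as a script. This is an added example, not part of the original question or discussion: the sample output is constructed, the function names are hypothetical, and treating "local port is also in LISTENING state" as the sign of an inbound connection is an assumption of this sketch.

```python
import ipaddress

# RFC 1918 ranges treated as "internal" (assumption for this example)
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `netstat -aon` output; NOT the output from the question
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4120
  TCP    192.168.1.20:443       203.0.113.45:51234     ESTABLISHED     4120
  TCP    192.168.1.20:49702     10.1.2.3:445           ESTABLISHED     4
  TCP    192.168.1.20:49710     198.51.100.7:443       ESTABLISHED     2988
  UDP    0.0.0.0:5353           *:*                                    1508
"""

def split_endpoint(ep):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = ep.rpartition(":")
    return host.strip("[]"), int(port)

def is_internal(host):
    addr = ipaddress.ip_address(host)
    return addr.is_loopback or any(addr in net for net in INTERNAL)

def parse(text):
    """Return TCP rows only; header and UDP lines lack the 5-field shape."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            _, lport = split_endpoint(f[1])
            rhost, rport = split_endpoint(f[2])
            rows.append({"lport": lport, "rhost": rhost, "rport": rport,
                         "state": f[3], "pid": int(f[4])})
    return rows

def triage(text):
    """Flag established connections with an external peer worth a closer look."""
    rows = parse(text)
    listening = {r["lport"] for r in rows if r["state"] == "LISTENING"}
    findings = []
    for r in rows:
        if r["state"] != "ESTABLISHED" or is_internal(r["rhost"]):
            continue
        if r["lport"] in listening:      # peer connected in to a local service
            findings.append(("inbound-from-external", r["lport"], r["rhost"], r["pid"]))
        elif r["rport"] == 445:          # SMB leaving the private address space
            findings.append(("smb-to-external", r["rport"], r["rhost"], r["pid"]))
    return findings
```

The PID in each finding is the value to look up in Task Manager or `tasklist` to see which process owns the connection.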
