A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line. Which of the following commands would be the BEST to run to view only active Internet connections?
A. sudo netstat -antu | grep "LISTEN" | awk '{print$5}'
B. sudo netstat -nlt -p | grep "ESTABLISHED"
C. sudo netstat -plntu | grep -v "Foreign Address"
E. sudo netstat -pnut | grep -P ^tcp
The command "sudo netstat -pnut | grep -P ^tcp" would be the best option to view only active Internet connections on a Linux workstation.
Explanation of the command:
"sudo" is used to run the command with administrative privileges.
"netstat" is the command-line utility for displaying network connections.
"-pnut" displays active network connections (-t for TCP connections, -u for UDP connections, and -n for numerical addresses instead of resolving hostnames). The "-p" option shows the process ID and name associated with each connection.
"grep -P ^tcp" filters the output to show only TCP connections.
This command will provide a list of active TCP connections, including the process ID and name associated with each connection.
Correct Answer:
✔ E) sudo netstat -pnut | grep -P ^tcp
Explanation:
This command is best suited for viewing active Internet connections (TCP and UDP) because:
netstat -pnut → Shows protocols (-p), numeric addresses (-n), UDP (-u), and TCP (-t) connections.
grep -P ^tcp → Uses Perl-compatible regex (-P) to filter only active TCP connections (since most Internet-based connections use TCP).
It provides a clear view of Internet-based TCP connections on the Linux workstation.
Source:
Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)
This is a very weird question. The question mentions that the analyst is looking for TCP connections, but then asks the BEST way to view "Active Internet Connections." Anyone who's ever run netstat, will know that it ALWAYS says "Active Internet Connections." So literally any of these commands could be interpreted as correct.
If we are only truly interested in ESTABLISHED TCP connections - which can be interpreted as an "active" connection, B is the obvious answer.
If we are interested in only outgoing connections for both protocols, then D is the best choice - however I am inclined to think that we only care about TCP.
E seems silly since the better idea would be to just omit -u and not do the grep, however it does achieve only showing tcp connections, however it will include TIME_WAIT and CLOSED connections - which aren't considered "active" in some senses, however because of their word choice being the same word choice that netstat ALWAYS outputs, I would have to go with E.
The command sudo netstat -nlt -p | grep "ESTABLISHED" has a mistake due to the combination of options -l (for listening) and filtering for "ESTABLISHED" state. The -l option restricts the output to only listening sockets, which will never be in the "ESTABLISHED" state. Therefore, the command won't produce any meaningful results for active connections.
E. sudo netstat -pnut | grep -P ^tcp
This command displays active TCP connections and filters only those that are established (not listening or waiting) with the "grep" command. The "-p" option shows the process ID and name associated with each connection, and the "-n" option displays numerical addresses and ports instead of resolving them to names. The "^tcp" pattern filters only TCP connections, and the "-u" and "-t" options show only UDP and TCP connections, respectively. This command is the best option to view only active Internet connections on a Linux workstation.
I tried both D & E commands. D's output yielded a UDP connection. E did not
labadmin@labadmin-virtual-machine:~$ sudo netstat -pnut | grep -P ^tcp
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 192.168.88.128:68 192.168.88.254:67 ESTABLISHED 705/NetworkManager
labadmin@labadmin-virtual-machine:~$
E is the clear winner
Yes, agreed with RevZig67: 'Option D' gives the best result, as the question clearly states "Active Internet Connection"; no other commands state that in the output
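Added example (not part of the original discussion): shell filters run over constructed netstat-style output, comparing the protocol-only filter from option E with a filter on the State column, and showing why a listening-only listing never contains ESTABLISHED rows. The sample rows, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout of `netstat -pnut` (non-listening sockets).
sample_pnut() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:51514        198.51.100.7:443        ESTABLISHED 2101/firefox
tcp        0      0 192.0.2.10:51520        198.51.100.9:80         TIME_WAIT   -
tcp6       0      0 2001:db8::10:22         2001:db8::20:40022      CLOSE_WAIT  911/sshd
udp        0      0 192.0.2.10:68           192.0.2.254:67          ESTABLISHED 705/NetworkManager
EOF
}

# Constructed sample in the layout of `netstat -plnt` (listening sockets only).
sample_plnt() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      911/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      640/cupsd
EOF
}

# Option E's filter: keep rows whose first column starts with "tcp".
# The page uses grep -P; a plain anchor like ^tcp matches the same rows without -P.
filter_tcp_proto() { grep '^tcp'; }

# Stricter filter: TCP rows whose State column (field 6) is ESTABLISHED.
filter_tcp_established() { awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED"'; }

count_rows() { wc -l | tr -d ' '; }

# Protocol-only filtering drops headers and UDP but keeps every TCP state.
echo "tcp rows (any state):      $(sample_pnut | filter_tcp_proto | count_rows)"
# State filtering keeps only connections that are currently established.
echo "tcp rows (ESTABLISHED):    $(sample_pnut | filter_tcp_established | count_rows)"
# With -l the listing holds LISTEN sockets, so an ESTABLISHED filter is empty.
echo "ESTABLISHED in -l listing: $(sample_plnt | filter_tcp_established | count_rows)"
```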