While investigating a recent security incident, a security analyst decides to view all network connections on a particular server. Which of the following would provide the desired information?
The reason why it's nestat and not nmap for this question:
Nmap is a Network mapping tool. That means it's used to discover information about hosts on a network (their ip, open ports, etc). Where netstat is a network statistic tool used to list active connections.
The question is asking about seeing active connections.
Answer: netstat
The netstat command shows all active network connections, network interface information, and ports that are listening. The question is asking to view all the connections on the server which the netstat command will do.
==================================
Nmap or network mapper is a network discovery and security auditing tool mainly used to find services, hosts, and open ports on a network.
Nslookup - This command queries DNS servers to obtain DNS records
ARP Command is a TCP/IP utility used for viewing and modifying the local Address Resolution Protocol (ARP) cache.
Netstat allows you to view statistics for TCP/IP protocols and
view all active network connections. This can be useful if you
suspect malware is causing a computer to connect with a
remote computer.
The netstat command is used to view all network connections on a system, displaying information about active connections, listening ports, and related network statistics. It is a commonly used tool for network analysis and troubleshooting.
C. netstat
Netstat (Network Statistics) is a command-line utility that can be used to display the current network connections on a server, including incoming and outgoing connections, as well as network statistics, such as the number of packets sent and received, and the number of errors. Netstat can be used to view the status of TCP and UDP connections, including information about the local and remote addresses, the state of the connection, and the process ID (PID) associated with the connection. This information can be used by the security analyst to identify any suspicious connections or traffic patterns, and to help determine the source of the security incident.
Ans A. netstat -a will display all the current active connections, the internet protocol type, IP addresses, port numbers, and the state of the connection
This section is not available anymore. Please use the main Exam Page.SY0-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Gino_Slim
Highly Voted 2 years, 6 months agoOval61251
2 years, 6 months agorodwave
Highly Voted 2 years, 5 months agoLordJaraxxus
Most Recent 1 year, 2 months agoirtaza909
1 year, 3 months agoApplebeesWaiter1122
1 year, 9 months agoronniehaang
2 years, 3 months agoandrizo
2 years, 6 months agoRevolutionaryAct
1 year, 8 months agoomodara
2 years, 7 months agoomodara
2 years, 7 months ago