CV0-002 · Question #150
An administrator suspects malware has infected a server. Which of the following should be used to check services communicating with external servers?
The correct answer is A. netstat. The netstat utility is used to display active network connections, routing tables, and network interface statistics, making it ideal for identifying suspicious outbound connections from a server.
Question
An administrator suspects malware has infected a server. Which of the following should be used to check services communicating with external servers?
Options
- Anetstat
- Barp
- Cnslookup
- Ddig
How the community answered
(50 responses)- A90% (45)
- B2% (1)
- C6% (3)
- D2% (1)
Why each option
The netstat utility is used to display active network connections, routing tables, and network interface statistics, making it ideal for identifying suspicious outbound connections from a server.
The netstat command (network statistics) is a command-line utility that displays active network connections, listening ports, and routing tables. It can reveal which processes or services are establishing outbound connections to external IP addresses, which is crucial for identifying potential command-and-control communication from malware.
arp (Address Resolution Protocol) displays and modifies the IP-to-MAC address translation tables, which is not directly used for checking outbound service communication.
nslookup (name server lookup) is a command-line tool for querying DNS servers to obtain domain name or IP address mapping or for any other specific DNS record, not for active connections.
dig (domain information groper) is a flexible command-line tool for interrogating DNS name servers, similar to nslookup, but not for showing active network connections.
Concept tested: Network troubleshooting tools - identifying active connections
Source: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/netstat
Topics
Community Discussion
No community discussion yet for this question.