CompTIA

CV0-003 Question #150: Real Exam Question with Answer & Explanation

The correct answer is A: netstat. netstat displays all active TCP and UDP connections along with their remote IP addresses and ports, making it the correct tool to identify services that may be communicating with external command-and-control servers.

Troubleshooting

Question

An administrator suspects malware has infected a server. Which of the following should be used to check services communicating with external servers?

Options

  • A. netstat
  • B. arp
  • C. nslookup
  • D. dig

Explanation

netstat displays all active TCP and UDP connections along with their remote IP addresses and ports, making it the correct tool to identify services that may be communicating with external command-and-control servers.

Common mistakes.

  • B. arp maps IP addresses to MAC addresses on the local network segment and provides no visibility into connections made to external remote servers.
  • C. nslookup is a DNS resolution tool used to look up hostnames and records, not a utility for monitoring active network connections or sessions.
  • D. dig is also a DNS query tool that retrieves DNS records and has no capability to display or monitor active network sessions.

Concept tested. Using netstat to detect malicious external connections

Reference. https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/netstat
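The check described in the explanation, as an added example that is not part of the original page: it parses rows in the layout of Windows `netstat -ano` output and returns the TCP connections whose remote address lies outside the internal ranges, together with the owning PID. The sample rows, the PIDs and the `INTERNAL` range list are constructed assumptions, and the remote addresses are taken from documentation ranges.

```python
import ipaddress

# Ranges treated as internal (assumption: RFC 1918, loopback, link-local, IPv6 ULA).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample in the layout of Windows `netstat -ano`; the remote
# addresses come from documentation ranges and the PIDs are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    10.0.0.5:3389          10.0.0.20:51522        ESTABLISHED     1104
  TCP    10.0.0.5:49712         203.0.113.45:4444      ESTABLISHED     6620
  TCP    10.0.0.5:49713         198.51.100.7:443       TIME_WAIT       0
  TCP    [::1]:49670            [::1]:445              ESTABLISHED     4
  TCP    [fe80::1c2b%12]:49800  [2001:db8::10]:8443    ESTABLISHED     6620
  UDP    0.0.0.0:5353           *:*                                    1500
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6%zone]:port' into (ip_address | None, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop brackets and IPv6 zone id
    try:
        return ipaddress.ip_address(host), port
    except ValueError:                      # '*' on UDP rows, header text
        return None, port

def external_connections(netstat_text):
    """Return TCP rows whose remote end is outside the INTERNAL ranges."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue                        # headers, blank lines, UDP rows
        _, local, remote, state, pid = fields
        ip, port = split_endpoint(remote)
        if ip is None or ip.is_unspecified or state == "LISTENING":
            continue
        if not any(ip in net for net in INTERNAL):
            hits.append({"remote": str(ip), "port": int(port),
                         "state": state, "pid": int(pid)})
    return hits

if __name__ == "__main__":
    for hit in external_connections(SAMPLE):
        print(hit)
```

The PID column is what ties a flagged connection back to the process or service that owns it.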

Topics

#netstat #malware detection #external connections #security monitoring
