GIAC
GCIH · Question #487
GCIH Question #487: Real Exam Question with Answer & Explanation
Incident Response & Cyber Kill Chain
Question
You are investigating an incident on a workstation that you suspect is compromised after the user opened an executable in an email. The workstation is used for email, internet access, and office applications; it is never remotely accessed. You run netstat -n to view the current network connections. Below is a partial capture of the output. Which IP address is most suspect and should be investigated first?
Exhibit
Options
- A. 10.0.0.15
- B. 98.138.253.109
- C. 112.101.64.1
- D. 74.125.228.36
Topics
#netstat #suspicious network connections #compromised workstation #C2 traffic identification
