Comptia Security Exam Practice Questions Sample SY0 501 Q5

A security analyst is diagnosing an incident in which a system was compromised from an external IP address. The socket identified on the firewall was traced to
Which of the following should the security analyst do to determine if the compromised system still has an active connection?

A. tracert
B. netstat
C. ping
D. nslookup

Correct Answer: B