Q: 19
A systems administrator is trying to track down a rogue process that has a TCP listener on a network
interface for remote command-and-control instructions.
Which of the following commands should the systems administrator use to generate a list of rogue
process names? (Select two).
Options
Discussion
A and B are right since both show process names tied to listening TCP ports. That's what you'd want for tracking command-and-control listeners. The other options won't directly show the process names. Pretty sure on this but open if anyone thinks otherwise.
Is the admin trying to identify only listening processes or any open TCP connection? If the question was about established connections instead of specifically listeners, it might change whether A and B are enough here.
Had something like this on a mock, definitely A and B.
Probably A and B, but if the system is using ss instead of netstat by default, wouldn't that change it?
If you want process names tied to TCP listeners, A and B are the way to go. netstat with -p shows the PID/program, and lsof lists the process details for listening ports. The rest won't get you rogue process names directly, I think.
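As an added example, not part of the original question or any commenter's reply: the Python code below shows, on Linux, how a listening TCP socket is tied to a process name, the same kind of mapping the last comment attributes to `netstat -p` and `lsof`. The `/proc/net/tcp` sample and the inode-to-process table are constructed, and all function names are hypothetical.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20002 1 0000000000000000 100 0 0 10 0
   2: 0A00000F:0016 0A000002:C350 01 00000000:00000000 00:00000000 00000000     0        0 20003 1 0000000000000000 100 0 0 10 0
"""
# Constructed inode -> (pid, name) table standing in for a walk of /proc/<pid>/fd.
SAMPLE_OWNERS = {20001: (812, "sshd"), 20002: (4242, "updater")}
TCP_LISTEN = "0A"  # kernel state code for LISTEN; 01 is ESTABLISHED

def parse_listeners(text):
    """Return (ip, port, inode) for every IPv4 socket in LISTEN state."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header line
        f = line.split()
        if len(f) < 10 or f[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = f[1].split(":")
        # The address is little-endian hex on x86; the port is plain big-endian hex.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        rows.append((ip, int(hex_port, 16), int(f[9])))
    return rows

def live_socket_owners():
    """Map socket inode -> (pid, name) on a live Linux host (root sees all PIDs)."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as fh:
                name = fh.read().strip()
            for fd in os.listdir(f"/proc/{pid}/fd"):
                target = os.readlink(f"/proc/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = (int(pid), name)
        except OSError:  # process exited or access denied
            continue
    return owners

def listeners_with_process(tcp_text, owners):
    # Join each listener to its owner; unknown owners are reported as (None, "?").
    return [(ip, port) + owners.get(inode, (None, "?"))
            for ip, port, inode in parse_listeners(tcp_text)]

if __name__ == "__main__":
    # On a live host: open("/proc/net/tcp").read() and live_socket_owners().
    for row in listeners_with_process(SAMPLE_PROC_NET_TCP, SAMPLE_OWNERS):
        print("%s:%d pid=%s name=%s" % row)
```

A listener that comes back with `?` as its name is one whose owning process could not be read, which usually means the check was not run as root.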