Prepare for the Digital Forensic Certification Exam. Study with interactive quizzes, detailed explanations, and expert resources to boost your confidence and ensure success on exam day!



What tool can the system administrator use to view active TCP and UDP connections on a compromised system?

  1. Netstat

  2. Process Explorer

  3. Wireshark

  4. Task Manager

The correct answer is: Netstat

The tool that allows a system administrator to view active TCP and UDP connections on a compromised system is Netstat. This command-line utility reports a range of network statistics, including the status of TCP and UDP ports, the local and remote addresses, and the state of each connection. By running Netstat, an administrator can quickly identify which ports are open and which services are currently communicating over the network. Netstat is particularly useful in forensic investigations because it helps determine whether any unauthorized connections have been established, a common indicator of compromise. It gives a real-time view of network behavior, making it an essential tool for monitoring and analyzing network activity on a system suspected of compromise.

In contrast, Process Explorer provides detailed insight into running processes and their associated network connections, but it does not summarize TCP and UDP connections as clearly or comprehensively as Netstat. Wireshark is a powerful packet analysis tool that captures and analyzes traffic, but it is more complex and is typically used for deeper network analysis rather than for a straightforward overview of active connections. Task Manager can show network activity per application but lacks the detailed information on active connections that Netstat provides.